Vulnerability Name:
CVE-2013-6490 (CCN-90826)
Assigned:
2013-11-04
Published:
2014-01-28
Updated:
2014-03-08
Summary:
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
CVSS v3 Severity:
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
Low
CVSS v2 Severity:
10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availability (A):
Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Partial
Vulnerability Type:
CWE-119
CWE-190
CWE-122
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2013-6490
Source: CONFIRM
Type: UNKNOWN
http://hg.pidgin.im/pidgin/main/rev/6bd2dd10e5da
Source: CCN
Type: RHSA-2014-0139
Moderate: pidgin security update
Source: CCN
Type: SA56693
Pidgin Multiple Vulnerabilities
Source: DEBIAN
Type: UNKNOWN
DSA-2859
Source: CCN
Type: Pidgin Security Advisory 84
Buffer overflow in SIMPLE header parsing
Source: CONFIRM
Type: Vendor Advisory
http://www.pidgin.im/news/security/?id=84
Source: BID
Type: UNKNOWN
65195
Source: CCN
Type: BID-65195
Pidgin 'sipmsg_parse_header()' Function Buffer Overflow Vulnerability
Source: UBUNTU
Type: UNKNOWN
USN-2100-1
Source: XF
Type: UNKNOWN
pidgin-cve20136490-bo(90826)
Source: REDHAT
Type: UNKNOWN
RHSA-2014:0139
Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-6490
Vulnerable Configuration:
Configuration 1:
cpe:/a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*
OR
cpe:/a:pidgin:pidgin:*:*:*:*:*:*:*:*
(Version <= 2.10.7)
Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 2:
cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 3:
cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
Configuration RedHat 4:
cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Configuration RedHat 5:
cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
Configuration RedHat 6:
cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
Configuration RedHat 7:
cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
Configuration CCN 1:
cpe:/a:pidgin:pidgin:-:*:*:*:*:*:*:*
AND
cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:55975 | P | Security update for java-1_8_0-openjdk (Important) | 2021-11-23
oval:org.opensuse.security:def:26155 | P | Security update for cairo (Low) | 2021-10-22
oval:org.opensuse.security:def:20136490 | V | CVE-2013-6490 | 2021-08-15
oval:org.opensuse.security:def:36402 | P | finch-2.6.6-0.25.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:55894 | P | Security update for cups (Important) | 2021-04-30
oval:org.opensuse.security:def:26027 | P | Security update for glibc (Important) | 2021-04-13
oval:org.opensuse.security:def:55856 | P | Security update for python-cryptography (Important) | 2021-03-02
oval:org.opensuse.security:def:55297 | P | Security update for java-1_8_0-openjdk (Moderate) | 2021-02-19
oval:org.opensuse.security:def:55131 | P | Security update for spice (Important) | 2020-12-16
oval:org.opensuse.security:def:26669 | P | apache2-mod_perl on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26281 | P | Security update for hexchat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26910 | P | gstreamer-0_10-plugins-base on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27639 | P | Security update for pixman | 2020-12-01
oval:org.opensuse.security:def:28662 | P | Security update for finch | 2020-12-01
oval:org.opensuse.security:def:55025 | P | unixODBC on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26683 | P | dbus-1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26292 | P | Security update for the Linux Kernel (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26959 | P | libnewt0_52 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27212 | P | librpcsecgss on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27790 | P | Security update for mozilla-nss | 2020-12-01
oval:org.opensuse.security:def:57251 | P | Security update for Mozilla NSS | 2020-12-01
oval:org.opensuse.security:def:26236 | P | Security update for libvpx (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26727 | P | kdenetwork4-filesharing on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26356 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:26998 | P | ofed on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27213 | P | librsvg on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27843 | P | Security update for net-snmp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57325 | P | Security update for finch | 2020-12-01
oval:org.opensuse.security:def:26293 | P | Security update for raptor (Important) | 2020-12-01
oval:org.opensuse.security:def:27365 | P | Xerces-c on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26484 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:27012 | P | perl-HTML-Parser on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27224 | P | libupsclient1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27892 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:54451 | P | dhcp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55582 | P | Security update for libgcrypt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26377 | P | Security update for kauth, kdelibs4 (Important) | 2020-12-01
oval:org.opensuse.security:def:27400 | P | finch on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26565 | P | hplip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27056 | P | xdg-utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27288 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27931 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54452 | P | dia on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55690 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:25951 | P | Security update for pcsc-lite (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26528 | P | bzip2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26622 | P | openvpn on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27694 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:27416 | P | gtk2-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27945 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54474 | P | gdk-pixbuf-loader-rsvg on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55782 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25952 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26581 | P | libadns1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26706 | P | ghostscript-fonts-other on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27729 | P | Security update for finch | 2020-12-01
oval:org.opensuse.security:def:27498 | P | libvorbis-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27989 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:54614 | P | libthai-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25963 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:26630 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26280 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26857 | P | PolicyKit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27555 | P | rubygem-activemodel-3_2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28627 | P | Security update for MozillaFirefox (Critical) | 2020-12-01
oval:org.opensuse.security:def:54852 | P | libcares2 on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:25166 | P | SUSE-SU-2014:0702-1 -- Security update for finch | 2014-09-08
oval:org.mitre.oval:def:22203 | P | RHSA-2014:0139: pidgin security update (Moderate) | 2014-07-07
oval:org.mitre.oval:def:22557 | P | USN-2100-1 -- pidgin vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:24323 | P | DSA-2859-2 pidgin - security update | 2014-06-23
oval:org.mitre.oval:def:22474 | P | DSA-2859-1 pidgin - several | 2014-06-23
oval:org.mitre.oval:def:24167 | P | ELSA-2014:0139: pidgin security update (Moderate) | 2014-05-26
oval:org.opensuse.security:def:79959 | P | Security update for finch | 2014-05-08
oval:com.ubuntu.precise:def:20136490000 | V | CVE-2013-6490 on Ubuntu 12.04 LTS (precise) - medium. | 2014-02-06
oval:com.redhat.rhsa:def:20140139 | P | RHSA-2014:0139: pidgin security update (Moderate) | 2014-02-05