{ "schema_version": "1.4.0", "id": "GHSA-6326-h87r-x9gf", "modified": "2022-05-17T01:04:53Z", "published": "2022-05-17T01:04:53Z", "aliases": [ "CVE-2010-2528" ], "details": "The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2528" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60566" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359" }, { "type": "WEB", "url": "http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c" }, { "type": "WEB", "url": "http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0" }, { "type": "WEB", "url": "http://secunia.com/advisories/40699" }, { "type": "WEB", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873" }, { "type": "WEB", "url": "http://www.osvdb.org/66506" }, { "type": "WEB", "url": "http://www.pidgin.im/news/security/index.php?id=47" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/41881" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/1887" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/2221" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2010-07-30T13:26:00Z" } }