CVE-2012-2214 (retired)

Priority
Description
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle
canceled SOCKS5 connection attempts, which allows user-assisted remote
authenticated users to cause a denial of service (application crash) via a
sequence of XMPP file-transfer requests.
Notes
 jdstrand> claimed to be fixed in 2.10.4
 tyhicks> After my code review and upstream's confirmation, the vulnerability
  was introduced sometime after 2.7.11.
 tyhicks> Upstream believes it was introduced in changeset 31742:e6eb15f2734b
Assigned-to
tyhicks
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (1:2.10.4-0ubuntu1)
Patches:
Upstream: http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb

Updated: 2019-03-26 12:01:52 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)