CVE-2012-2214

Priority
Description
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle
canceled SOCKS5 connection attempts, which allows user-assisted remote
authenticated users to cause a denial of service (application crash) via a
sequence of XMPP file-transfer requests.
Assigned-to
tyhicks
Notes
jdstrand: claimed to be fixed in 2.10.4
tyhicks: After my code review and upstream's confirmation, the vulnerability
was introduced sometime after 2.7.11.
Upstream believes it was introduced in changeset 31742:e6eb15f2734b
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (1:2.10.4-0ubuntu1)
Patches:
Upstream: http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb
More Information

Updated: 2019-12-05 20:59:12 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)