CVE Database


Impact: Moderate
Public: 2009-12-27
Bugzilla: 554335: CVE-2010-0277 pidgin MSN protocol plugin memory corruption


The MITRE CVE dictionary describes this issue as:

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

Find out more about CVE-2010-0277 from the MITRE CVE dictionary and NIST NVD.


This issue was addressed for Red Hat Enterprise Linux 4 and 5 via
We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the MSN protocol support in the provided version of Pidgin (1.5.1) is out-dated and no longer supported by MSN servers. There are no plans to backport MSN protocol changes for that version of Pidgin.

CVSS v2 metrics

Base Score: 4
Base Metrics: AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Low
Authentication: Single Instance
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux Desktop Workstation version 5 (pidgin) RHSA-2010:0115 February 18, 2010
Red Hat Enterprise Linux Optional Productivity Applications version 5 (pidgin) RHSA-2010:0115 February 18, 2010
Red Hat Enterprise Linux version 4 (pidgin) RHSA-2010:0115 February 18, 2010

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.