Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-2694

EPSS 34.71% · P97
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-2694

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Pidgin Libpurple库msn_slplink_process_msg()函数内存破坏漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Pidgin是一款跨平台的实时通信客户端,它支持多个常用的实时通信协议,用户可用同一个软件登录不同的实时通信服务。 Pidgin和其他一些即时消息客户端所使用的Libpurple库中存在内存破坏漏洞,远程攻击者可以通过向聊天客户端发送特制的MSNSLP报文触发这个漏洞,导致执行任意代码。 攻击需要发送两个连续的MSNSLP消息,第一个用于对slpmsg存储会话id,第二个用于触发漏洞,最终目标是到达msn_slplink_process_msg()中的memcpy()调用。需要创建偏移为非0的MSNSLP
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-2694

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-2694

登录查看更多情报信息。

Same Patch Batch · n/a · 2009-08-20 · 22 CVEs total

CVE-2009-2891phpscriptsnow riddles 'list.php' SQL注入漏洞
CVE-2009-2914xzeroscripts xzero_community_classifieds 'index.php' 上传文件名导致跨站脚本攻击漏洞
CVE-2009-2913xzeroscripts xzero_community_classifieds 'index.php' 借助URL跨站脚本攻击漏洞
CVE-2009-2912sun solaris 未明漏洞
CVE-2009-2732ntop认证头空指针引用拒绝服务漏洞
CVE-2009-0638Cisco防火墙服务模块ICMP消息拒绝服务漏洞
CVE-2009-2896Kde KMPlayer .srt文件处理缓冲区溢出漏洞
CVE-2009-2895phpsugar ultimate_regnow_affiliate 'rss.php' SQL注入漏洞
CVE-2009-2894clone2009 ebay_clone SQL注入漏洞
CVE-2009-2893XZeroScripts XZero Community Classifieds 'index.php'多个跨站脚本攻击漏洞
CVE-2009-2892Scripteen Free Image Hosting Script 'header.php' 多个SQL注入漏洞
CVE-2009-2881artis.imag basilic 'index.php' SQL注入漏洞
CVE-2009-2890phpscriptsnow riddles 'results.php' 跨站脚本攻击漏洞
CVE-2009-2889phpscriptsnow hangman 'index.php' 跨站脚本攻击漏洞
CVE-2009-2888phpscriptsnow hangman 'index.php' SQL注入漏洞
CVE-2009-2887PHP Scripts Now President Bios 'bios.php'跨站脚本攻击漏洞
CVE-2009-2886phpscriptsnow president_bios SQL注入漏洞
CVE-2009-2885PHP Scripts Now World's Tallest Buildings 'bios.php' SQL注入漏洞
CVE-2009-2884phpscriptsnow world%27s_tallest_buildings 跨站脚本攻击漏洞
CVE-2009-2883Arabless SaphpLesson 'admin/login.php' SQL注入漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-2694

No comments yet

Leave a comment