CVE-2010-0013

HIGH

7.5

CVSS Severity Score

EPSS Score0.1230%

EPSS Percentile39.24th

Published2010年1月9日

Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

Affected Platforms (CPE)

📦

Adium

= 1.3.8

📦

Pidgin

= 2.6.4

💻

Fedoraproject

Fedora

= 11

💻

Fedoraproject

Fedora

= 12

💻

Opensuse

>= 11.0 and <= 11.2

💻

Suse

Linux Enterprise

= 11.0

💻

Suse

Linux Enterprise Server

= 10

💻

Suse

Linux Enterprise Server

= 10

💻

Redhat

Enterprise Linux

= 4.0

💻

Redhat

Enterprise Linux

= 5.0

References & Advisories

🔗 http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467

🔗 http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f

🔗 http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810

🔗 http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c

🔗 http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

Vulnerability Description

Affected Platforms (CPE)

Adium

Pidgin

Fedora

Fedora

Opensuse

Linux Enterprise

Linux Enterprise Server

Linux Enterprise Server

Enterprise Linux

Enterprise Linux

References & Advisories

相關漏洞威脅