CVE-2010-4528
EPSS 2.7%
Description
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
How to fix CVE-2010-4528
To remediate CVE-2010-4528, upgrade the affected package to a fixed version below.
- Debian/pidgin—upgrade to 2.7.9-1 or later
Is CVE-2010-4528 being exploited?
Low — EPSS is 2.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.7.9-1