Nixpkgs security tracker

Dismissed

Permalink CVE-2019-25544

6.2 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 months ago by @mweinelt Activity log

Created suggestion 2 months ago
@mweinelt dismissed 2 months ago

Pidgin 2.13.0 Denial of Service via Malformed Username

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat, causing the application to become unavailable.

References

ExploitDB-46930 exploit
Official Product Homepage product
VulnCheck Advisory: Pidgin 2.13.0 Denial of Service via Malformed Username third-party-advisory

Affected products

Pidgin

==2.13.0

Matching in nixpkgs

pkgs.pidgin

Multi-protocol instant messaging client

nixos-unstable 2.14.14
- nixpkgs-unstable 2.14.14
- nixos-unstable-small 2.14.14
nixos-25.11 2.14.14
- nixos-25.11-small 2.14.14
- nixpkgs-25.11-darwin 2.14.14

pkgs.pidginPackages.pidgin

Multi-protocol instant messaging client

nixos-unstable 2.14.14
- nixpkgs-unstable 2.14.14
- nixos-unstable-small 2.14.14
nixos-25.11 2.14.14
- nixos-25.11-small 2.14.14
- nixpkgs-25.11-darwin 2.14.14

pkgs.pidginPackages.pidgin-mra

Mail.ru Agent plugin for Pidgin / libpurple

pkgs.pidginPackages.pidgin-osd

Plugin for Pidgin which implements on-screen display via libxosd

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.pidginPackages.pidgin-otr

Plugin for Pidgin 2.x which implements OTR Messaging

nixos-unstable 4.0.2
- nixpkgs-unstable 4.0.2
- nixos-unstable-small 4.0.2
nixos-25.11 4.0.2
- nixos-25.11-small 4.0.2
- nixpkgs-25.11-darwin 4.0.2

pkgs.pidginPackages.pidgin-sipe

SIPE plugin for Pidgin IM

nixos-unstable 1.25.0
- nixpkgs-unstable 1.25.0
- nixos-unstable-small 1.25.0
nixos-25.11 1.25.0
- nixos-25.11-small 1.25.0
- nixpkgs-25.11-darwin 1.25.0

pkgs.pidginPackages.pidgin-latex

LaTeX rendering plugin for Pidgin IM

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0
nixos-25.11 1.5.0
- nixos-25.11-small 1.5.0
- nixpkgs-25.11-darwin 1.5.0

pkgs.pidginPackages.pidgin-carbons

XEP-0280: Message Carbons plugin for libpurple

nixos-unstable 0.2.3
- nixpkgs-unstable 0.2.3
- nixos-unstable-small 0.2.3
nixos-25.11 0.2.3
- nixos-25.11-small 0.2.3
- nixpkgs-25.11-darwin 0.2.3

pkgs.pidginPackages.pidgin-skypeweb

SkypeWeb plugin for Pidgin

pkgs.pidginPackages.pidgin-indicator

AppIndicator and KStatusNotifierItem Plugin for Pidgin

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1
nixos-25.11 1.0.1
- nixos-25.11-small 1.0.1
- nixpkgs-25.11-darwin 1.0.1

pkgs.pidginPackages.pidgin-msn-pecan

Alternative MSN protocol plug-in for Pidgin IM

pkgs.pidginPackages.pidgin-window-merge

Pidgin plugin that merges the Buddy List window with a conversation window

nixos-unstable 0.3
- nixpkgs-unstable 0.3
- nixos-unstable-small 0.3
nixos-25.11 0.3
- nixos-25.11-small 0.3
- nixpkgs-25.11-darwin 0.3

pkgs.pidginPackages.pidgin-xmpp-receipts

Message delivery receipts (XEP-0184) Pidgin plugin

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixos-25.11-small 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.pidginPackages.pidgin-opensteamworks

Plugin for Pidgin 2.x which implements Steam Friends/Steam IM compatibility

Package maintainers

@lucasew Lucas Eduardo Wendt <lucas59356@gmail.com>
@colonelpanic8 Ivan Malison <IvanMalison@gmail.com>
@abbradar Nikolay Amiantov <ab@fmap.me>
@Shados Alexei Robyn <shados@shados.net>
@orivej Orivej Desh <orivej@gmx.fr>

Old vulnerability, fixed in all active releases

Suggestions search