CVE-2014-0020
Description
Pidgin before 2.10.8 crashes via crafted IRC message due to missing argument count validation in the IRC protocol plugin of libpurple.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Pidgin before 2.10.8 crashes via crafted IRC message due to missing argument count validation in the IRC protocol plugin of libpurple.
Vulnerability
The IRC protocol plugin in libpurple (used by Pidgin) fails to validate argument counts when processing messages from a remote IRC server. This allows a malicious server to send a specially crafted message that triggers a denial of service. Affected versions are Pidgin before 2.10.8 [1][2].
Exploitation
An attacker controlling an IRC server (or able to spoof one) sends a crafted message with an unexpected number of arguments. No authentication or additional user interaction is required beyond the user being connected to the malicious IRC server [1][2].
Impact
Successful exploitation causes Pidgin to crash, resulting in a denial of service. The crash does not lead to code execution; the impact is limited to application termination [1].
Mitigation
The fix is included in Pidgin version 2.10.8, released in early 2014. Users should upgrade to this version or later. Red Hat Enterprise Linux 5 and 6 users can obtain the fix via RHSA-2014-0139 [1]. Ubuntu users can apply USN-2100-1 [2]. No workaround is available other than upgrading or avoiding untrusted IRC servers.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
54cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*+ 53 more
- cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*range: <=2.10.7
- cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*
- (no CPE)range: <2.10.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- pidgin.im/news/security/nvdVendor Advisory
- hg.pidgin.im/pidgin/main/rev/4d9be297d399nvd
- hg.pidgin.im/pidgin/main/rev/5845d9fa7084nvd
- hg.pidgin.im/pidgin/main/rev/6b0e0566af20nvd
- hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4nvd
- hg.pidgin.im/pidgin/main/rev/9f132a6855cdnvd
- hg.pidgin.im/pidgin/main/rev/a167504359e5nvd
- lists.opensuse.org/opensuse-updates/2014-02/msg00039.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-03/msg00005.htmlnvd
- www.debian.org/security/2014/dsa-2859nvd
- www.ubuntu.com/usn/USN-2100-1nvd
- rhn.redhat.com/errata/RHSA-2014-0139.htmlnvd
News mentions
0No linked articles in our index yet.