Pidgin Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Pidgin version 2.13.0. This issue allows local attackers to crash the application by entering an excessively long username during account creation. The vulnerability arises when the application processes a buffer of 1000 characters in the username field. Once the account is created, joining a chat triggers a crash, rendering the application unavailable.

Impact

Exploiting this vulnerability causes Pidgin to crash, disrupting any active chat sessions and requiring the application to be restarted.

Reproduction

To reproduce this vulnerability, create a new account in Pidgin 2.13.0. Enter 1000 characters in the username field and any text in the password field. After adding the account, attempt to join a chat. The application will crash, indicating a successful exploitation of the denial-of-service vulnerability.
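For triage on an affected workstation, the following added example (not code from the advisory or from the Pidgin project) lists configured accounts whose username reaches the 1000-character length used in the reproduction steps, so the offending entry can be found and removed without starting the client. It assumes accounts are stored in ~/.purple/accounts.xml with <account>, <protocol> and <name> elements; the function name, the threshold constant and the sample data are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Length used in the advisory's reproduction steps; names this long are flagged.
SUSPECT_LEN = 1000

# Constructed sample; the <account>/<protocol>/<name> layout is an assumption
# about libpurple's accounts.xml, not something stated in the advisory.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
 <account>
  <protocol>prpl-irc</protocol>
  <name>alice@irc.example.org</name>
 </account>
 <account>
  <protocol>prpl-irc</protocol>
  <name>{long_name}</name>
 </account>
</account>
""".format(long_name="A" * 1000).encode("utf-8")


def find_overlong_accounts(xml_bytes, limit=SUSPECT_LEN):
    """Return (protocol, name_length, name_preview) per account with a name >= limit chars."""
    root = ET.fromstring(xml_bytes)
    hits = []
    # iter() also yields the root, which is itself named <account>; it has no
    # direct <name> child, so the None check below skips it.
    for acct in root.iter("account"):
        name = acct.findtext("name")
        if name is not None and len(name) >= limit:
            proto = acct.findtext("protocol", default="?")
            hits.append((proto, len(name), name[:16]))
    return hits


if __name__ == "__main__":
    # Assumed default location; pass a different path as the first argument.
    default = Path.home() / ".purple" / "accounts.xml"
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else default
    data = path.read_bytes() if path.exists() else SAMPLE
    for proto, length, preview in find_overlong_accounts(data):
        print(f"{proto}: account name is {length} chars (starts {preview!r})")
```

Run it while Pidgin is closed; if the file is missing, the script falls back to the constructed sample.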

Added: Mar 21, 2026, 1:29 PM
Updated: Mar 21, 2026, 1:29 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.