Is CVE-2010-0013 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 12%.

What products does CVE-2010-0013 affect?

Tracked products affected include SUSE Linux Enterprise Server. Check the version you run to see whether it is affected.

How do I fix CVE-2010-0013?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

← All products

CVE-2010-0013

Q: What is CVE-2010-0013?

CVE-2010-0013 is a high-severity software vulnerability (Path traversal) with a CVSS score of 7.5. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom sm

HIGH severity · CVSS 7.5 · Path traversal

7.5CVSS HIGH

Summary

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactNone

Availability impactNone

Exploit probability (EPSS)12%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products we track (1)

SUSE Linux Enterprise Server

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

CVE-2010-0013

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information