CVE-2011-1091

Severity

40%

Complexity

80%

Confidentiality

48%

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

Type

Pidgin

First reported 13 years ago

2011-03-14 19:55:00

Last updated 7 years ago

2017-09-19 01:32:00

Affected Software

Pidgin 2.6.0

2.6.0

Pidgin 2.6.1

2.6.1

Pidgin 2.6.2

2.6.2

Pidgin 2.6.4

2.6.4

Pidgin 2.6.5

2.6.5

Pidgin 2.6.6

2.6.6

Pidgin 2.7.0

2.7.0

Pidgin 2.7.1

2.7.1

Pidgin 2.7.2

2.7.2

Pidgin 2.7.3

2.7.3

Pidgin 2.7.4

2.7.4

Pidgin 2.7.5

2.7.5

Pidgin 2.7.6

2.7.6

Pidgin 2.7.7

2.7.7

Pidgin 2.7.8

2.7.8

Pidgin 2.7.9

2.7.9

Pidgin 2.7.10

2.7.10

References

http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c

Patch

http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7

Patch

FEDORA-2011-3113

FEDORA-2011-3150

43695

Vendor Advisory

43721

46376

SSA:2011-070-02

http://www.pidgin.im/news/security/?id=51

Patch, Vendor Advisory

RHSA-2011:0616

RHSA-2011:1371

46837

ADV-2011-0643

ADV-2011-0661

ADV-2011-0669

ADV-2011-0703

https://bugzilla.redhat.com/show_bug.cgi?id=683031

pidgin-yahoo-protocol-dos(66055)

openSUSE-SU-2012:0066

oval:org.mitre.oval:def:18402

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.