CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.035 Low (Percentile: 91.5%)

pidgin-knotify is a Pidgin plug-in to display message notifications in KDE.
pidgin-knotify does not properly sanitize shell metacharacters from received messages.
A remote attacker could send a specially crafted instant message, possibly resulting in execution of arbitrary code with the privileges of the Pidgin process.
There is no known workaround at this time.
Gentoo has discontinued support for pidgin-knotify. We recommend that users unmerge pidgin-knotify:
# emerge --unmerge "x11-plugins/pidgin-knotify"
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | x11-plugins/pidgin-knotify | <= 0.2.1 | UNKNOWN |