Null pointer dereference

2011-03-1419:55:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.

CPENameOperatorVersion
pidgineq2.7.9
pidgineq2.7.5
pidgineq2.7.0
pidgineq2.7.4
pidgineq2.6.0
pidgineq2.7.6
pidgineq2.7.10
pidgineq2.7.3
pidgineq2.6.5
pidgineq2.6.6

Name	Operator	Version
pidgin	eq	2.7.9
pidgin	eq	2.7.5
pidgin	eq	2.7.0
pidgin	eq	2.7.4
pidgin	eq	2.6.0
pidgin	eq	2.7.6
pidgin	eq	2.7.10
pidgin	eq	2.7.3
pidgin	eq	2.6.5
pidgin	eq	2.6.6

Rows per page:

1-10 of 171

References

developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c

developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7

secunia.com/advisories/43695

secunia.com/advisories/43721

secunia.com/advisories/46376

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884

www.pidgin.im/news/security/?id=51

www.redhat.com/support/errata/RHSA-2011-0616.html

www.redhat.com/support/errata/RHSA-2011-1371.html

www.securityfocus.com/bid/46837

www.vupen.com/english/advisories/2011/0643

www.vupen.com/english/advisories/2011/0661

www.vupen.com/english/advisories/2011/0669