Denial Of Service (DoS)

2020-04-1000:55:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

pidgin is vulnerable to denial of service (DoS). The vulnerability exists as multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message.

CPENameOperatorVersion
pidgineq2.5.2__6.el5
pidgineq2.6.6__5.el6
pidgineq2.5.9__1.el5
pidgineq2.5.8__1.el5
pidgineq2.6.6__2.el4_8
pidgineq2.6.5__1.el5
pidgineq2.3.1__2.el4
pidgineq2.6.3__2.el4
pidgineq2.5.9__1.el4
pidgineq2.6.6__1.el4

Name	Operator	Version
pidgin	eq	2.5.2__6.el5
pidgin	eq	2.6.6__5.el6
pidgin	eq	2.5.9__1.el5
pidgin	eq	2.5.8__1.el5
pidgin	eq	2.6.6__2.el4_8
pidgin	eq	2.6.5__1.el5
pidgin	eq	2.3.1__2.el4
pidgin	eq	2.6.3__2.el4
pidgin	eq	2.5.9__1.el4
pidgin	eq	2.6.6__1.el4

Rows per page:

1-10 of 581

References

developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c

developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7

developer.pidgin.im/wiki/ChangeLog

lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html

secunia.com/advisories/43695

secunia.com/advisories/43721

secunia.com/advisories/46376

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884

www.pidgin.im/news/security/?id=51

www.redhat.com/support/errata/RHSA-2011-0616.html

www.redhat.com/support/errata/RHSA-2011-1371.html

www.securityfocus.com/bid/46837