CVE-2011-1091

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
pidginpidgin
2.6.0
pidginpidgin
2.6.1
pidginpidgin
2.6.2
pidginpidgin
2.6.4
pidginpidgin
2.6.5
pidginpidgin
2.6.6
pidginpidgin
2.7.0
pidginpidgin
2.7.1
pidginpidgin
2.7.2
pidginpidgin
2.7.3
pidginpidgin
2.7.4
pidginpidgin
2.7.5
pidginpidgin
2.7.6
pidginpidgin
2.7.7
pidginpidgin
2.7.8
pidginpidgin
2.7.9
pidginpidgin
2.7.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bullseye
2.14.1-1
fixed
lenny
no-dsa
squeeze
no-dsa
bookworm
2.14.12-1
fixed
sid
2.14.13-2
fixed
trixie
2.14.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
oneiric
Fixed 1:2.7.11-1ubuntu1
released
natty
Fixed 1:2.7.11-1ubuntu1
released
maverick
Fixed 1:2.7.3-1ubuntu3.3
released
lucid
Fixed 1:2.6.6-1ubuntu4.4
released
karmic
ignored
hardy
ignored
dapper
dne
References
http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c
http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html
http://secunia.com/advisories/43695
http://secunia.com/advisories/43721
http://secunia.com/advisories/46376
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884
http://www.pidgin.im/news/security/?id=51
http://www.redhat.com/support/errata/RHSA-2011-0616.html
http://www.redhat.com/support/errata/RHSA-2011-1371.html
http://www.securityfocus.com/bid/46837
http://www.vupen.com/english/advisories/2011/0643
http://www.vupen.com/english/advisories/2011/0661
http://www.vupen.com/english/advisories/2011/0669
http://www.vupen.com/english/advisories/2011/0703
https://bugzilla.redhat.com/show_bug.cgi?id=683031
https://exchange.xforce.ibmcloud.com/vulnerabilities/66055
https://hermes.opensuse.org/messages/13195955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402
http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c
http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html
http://secunia.com/advisories/43695
http://secunia.com/advisories/43721
http://secunia.com/advisories/46376
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884
http://www.pidgin.im/news/security/?id=51
http://www.redhat.com/support/errata/RHSA-2011-0616.html
http://www.redhat.com/support/errata/RHSA-2011-1371.html
http://www.securityfocus.com/bid/46837
http://www.vupen.com/english/advisories/2011/0643
http://www.vupen.com/english/advisories/2011/0661
http://www.vupen.com/english/advisories/2011/0669
http://www.vupen.com/english/advisories/2011/0703
https://bugzilla.redhat.com/show_bug.cgi?id=683031
https://exchange.xforce.ibmcloud.com/vulnerabilities/66055
https://hermes.opensuse.org/messages/13195955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402