CVE-2011-2943

The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
pidginlibpurple
2.8.0
pidginlibpurple
2.9.0
pidginpidgin
𝑥
≤ 2.9.0
pidginpidgin
2.0.0
pidginpidgin
2.0.1
pidginpidgin
2.0.2
pidginpidgin
2.1.0
pidginpidgin
2.1.1
pidginpidgin
2.2.0
pidginpidgin
2.2.1
pidginpidgin
2.2.2
pidginpidgin
2.3.0
pidginpidgin
2.3.1
pidginpidgin
2.4.0
pidginpidgin
2.4.1
pidginpidgin
2.4.2
pidginpidgin
2.4.3
pidginpidgin
2.5.0
pidginpidgin
2.5.1
pidginpidgin
2.5.2
pidginpidgin
2.5.3
pidginpidgin
2.5.4
pidginpidgin
2.5.5
pidginpidgin
2.5.6
pidginpidgin
2.5.7
pidginpidgin
2.5.8
pidginpidgin
2.5.9
pidginpidgin
2.6.0
pidginpidgin
2.6.1
pidginpidgin
2.6.2
pidginpidgin
2.6.4
pidginpidgin
2.6.5
pidginpidgin
2.6.6
pidginpidgin
2.7.0
pidginpidgin
2.7.1
pidginpidgin
2.7.2
pidginpidgin
2.7.3
pidginpidgin
2.7.4
pidginpidgin
2.7.5
pidginpidgin
2.7.6
pidginpidgin
2.7.7
pidginpidgin
2.7.8
pidginpidgin
2.7.9
pidginpidgin
2.7.10
pidginpidgin
2.7.11
pidginpidgin
2.8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bullseye
2.14.1-1
fixed
squeeze
not-affected
lenny
not-affected
bookworm
2.14.12-1
fixed
sid
2.14.13-2
fixed
trixie
2.14.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pidgin
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
ignored
References
http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c
http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43
http://pidgin.im/news/security/?id=53
http://secunia.com/advisories/45663
http://secunia.com/advisories/45916
http://securitytracker.com/id?1025961
http://www.openwall.com/lists/oss-security/2011/08/20/2
http://www.openwall.com/lists/oss-security/2011/08/22/2
http://www.securityfocus.com/bid/49268
https://bugzilla.redhat.com/show_bug.cgi?id=722939
https://exchange.xforce.ibmcloud.com/vulnerabilities/69340
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005
http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c
http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43
http://pidgin.im/news/security/?id=53
http://secunia.com/advisories/45663
http://secunia.com/advisories/45916
http://securitytracker.com/id?1025961
http://www.openwall.com/lists/oss-security/2011/08/20/2
http://www.openwall.com/lists/oss-security/2011/08/22/2
http://www.securityfocus.com/bid/49268
https://bugzilla.redhat.com/show_bug.cgi?id=722939
https://exchange.xforce.ibmcloud.com/vulnerabilities/69340
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005