5

CVE-2011-4601

family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PidginPidgin Version <= 2.10.0
PidginPidgin Version2.0.0
PidginPidgin Version2.0.1
PidginPidgin Version2.0.2
PidginPidgin Version2.1.0
PidginPidgin Version2.1.1
PidginPidgin Version2.2.0
PidginPidgin Version2.2.1
PidginPidgin Version2.2.2
PidginPidgin Version2.3.0
PidginPidgin Version2.3.1
PidginPidgin Version2.4.0
PidginPidgin Version2.4.1
PidginPidgin Version2.4.2
PidginPidgin Version2.4.3
PidginPidgin Version2.5.0
PidginPidgin Version2.5.1
PidginPidgin Version2.5.2
PidginPidgin Version2.5.3
PidginPidgin Version2.5.4
PidginPidgin Version2.5.5
PidginPidgin Version2.5.6
PidginPidgin Version2.5.7
PidginPidgin Version2.5.8
PidginPidgin Version2.5.9
PidginPidgin Version2.6.0
PidginPidgin Version2.6.1
PidginPidgin Version2.6.2
PidginPidgin Version2.6.3
PidginPidgin Version2.6.4
PidginPidgin Version2.6.5
PidginPidgin Version2.6.6
PidginPidgin Version2.7.1
PidginPidgin Version2.7.2
PidginPidgin Version2.7.3
PidginPidgin Version2.7.4
PidginPidgin Version2.7.5
PidginPidgin Version2.7.6
PidginPidgin Version2.7.7
PidginPidgin Version2.7.8
PidginPidgin Version2.7.9
PidginPidgin Version2.7.10
PidginPidgin Version2.7.11
PidginPidgin Version2.8.0
PidginPidgin Version2.9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.7% 0.906
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://hermes.opensuse.org/messages/13195955
http://www.mandriva.com/security/advisories?name=MDVSA-2011:183
http://secunia.com/advisories/47219
http://secunia.com/advisories/47234
http://www.redhat.com/support/errata/RHSA-2011-1820.html
http://www.redhat.com/support/errata/RHSA-2011-1821.html
http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c
http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3
http://pidgin.im/news/security/?id=57
Vendor Advisory
http://www.openwall.com/lists/oss-security/2011/12/10/1
http://www.openwall.com/lists/oss-security/2011/12/10/2
http://www.securityfocus.com/bid/51010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408