Denial of Service Vulnerability in Pidgin's IRC Protocol Plugin
CVE-2011-2943

Currently unrated

Key Information:

Vendor

Pidgin

Status
Pidgin
Libpurple
Vendor
CVE Published:
29 August 2011

What is CVE-2011-2943?

The irc_msg_who function in the IRC protocol plugin of libpurple prior to version 2.10.0 is vulnerable to a denial of service attack. This flaw arises from insufficient validation of characters in nicknames, which can let user-assisted remote attackers manipulate the application. By sending a specially crafted nickname, an attacker may trigger a NULL pointer dereference, leading to an application crash during the handling of a WHO response.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://pidgin.im/news/security/?id=53
x_refsource_CONFIRM
http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2011/08/22/2
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.