[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-4603

Date: (C)2011-12-16   (M)2017-11-17 


The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.

CVSS Score: 5.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL





Reference:
SECUNIA-47234
BID-51074
RHSA-2011:1820
http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c
http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1
http://www.pidgin.im/news/security/?id=59
openSUSE-SU-2012:0066

CPE    44
cpe:/a:pidgin:pidgin:2.7.9
cpe:/a:pidgin:pidgin:2.1.0
cpe:/a:pidgin:pidgin:2.1.1
cpe:/a:pidgin:pidgin:2.3.0
...
CWE    1
CWE-20
OVAL    17
oval:org.secpod.oval:def:3518
oval:org.secpod.oval:def:201571
oval:org.secpod.oval:def:201610
oval:org.secpod.oval:def:103570
...

© 2013 SecPod Technologies