CVE-2011-2943
Published: 29 August 2011
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
Notes
Author | Note |
---|---|
mdeslaur | natty and older don't support WHO |
Priority
Status
Package | Release | Status |
---|---|---|
pidgin Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(code not present)
|
|
maverick |
Not vulnerable
(code not present)
|
|
natty |
Not vulnerable
(code not present)
|
|
oneiric |
Not vulnerable
(1:2.10.0-0ubuntu2)
|
|
upstream |
Released
(2.10.0-1)
|
|
Patches: other: http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43 |