CVE-2011-1091

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Pidgin versions 2.6.0 through 2.7.10

Description The issue allows remote authenticated users to cause a denial of service through malformed YMSG notification packets, resulting in a NULL pointer dereference and application crash. Additionally, it enables remote Yahoo! servers to cause a denial of service via malformed YMSG SMS messages, also leading to a NULL pointer dereference and application crash.

Recommendations For versions 2.6.0 through 2.7.10, consider disabling the libymsg.c plugin in the Yahoo! protocol until a patch is available to prevent exploitation through malformed YMSG notification packets and SMS messages.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-1091

OPENSUSE-SU-2024:10432-1

RHSA-2011:0616

RHSA-2011:1371

RHSA-2011_0616

RHSA-2011_1371

Affected Products

Pidgin

Red Hat

CVE-2011-1091

Related Identifiers

Affected Products

References · 33