PT-2011-4194 · Pidgin · Pidgin
Jan Lieskovsky
·
Published
2011-08-29
·
Updated
2017-09-19
·
CVE-2011-2943
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Pidgin versions 2.8.0 through 2.9.0
Description
The issue arises from the irc msg who function in the IRC protocol plugin, which fails to properly validate characters in nicknames. This allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, by using a crafted nickname in a WHO response.
Recommendations
For versions 2.8.0 through 2.9.0, update to version 2.10.0 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pidgin