CVE-2007-4996 — Improper Input Validation in Pidgin

CWE-20 — Improper Input Validation11 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.6%

top 18.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedOct 1

Latest updateMay 1

Description

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.2.1-1 (bookworm)+1

▶Debianpidgin/pidgin< 2.2.1-1+7

▶NVDpidgin/pidgin2.1.0, 2.2.0, 2.2.1+2

Patches

Patch: secunia.com ↗Patch: www.pidgin.im ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-qcj3-h9mr-5c65: libpurple in Pidgin 2↗2022-05-01

▶

GHSA

GHSA-r9v7-jgpj-m4mq: libpurple in Pidgin before 2↗2022-05-01

▶

OSV

CVE-2007-4999: libpurple in Pidgin 2↗2007-10-29

▶

OSV

CVE-2007-4996: libpurple in Pidgin before 2↗2007-10-01

▶

📋Vendor Advisories

Red Hat

MSN nudges sent from unknown buddies can cause libpurple to crash↗2007-09-27

▶

Debian

CVE-2007-4996: pidgin - libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages fro...↗2007

▶

Debian

CVE-2007-4999: pidgin - libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote ...↗2007

▶

Red Hat

CVE-2007-4999: libpurple in Pidgin 2↗

▶

💬Community

Bugzilla

CVE-2007-4996 MSN nudges sent from unknown buddies can cause libpurple to crash↗2007-10-01

▶