CVE-2011-4601: Improper Input Validation in Pidgin

Severity: 5.0 MEDIUM (NVD)
EPSS: 3.8% (top 11.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 25; Latest update May 17

Description

family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/pidgin < pidgin 2.10.1-1 (bookworm)
Debian: pidgin/pidgin < 2.10.1-1 +3
NVD: pidgin/pidgin 2.10.0 +44

🔴 Vulnerability Details (2)

GHSA: GHSA-j8rm-cj64-mfw6: family_feedbag (2022-05-17)
OSV: CVE-2011-4601: family_feedbag (2011-12-25)

📋 Vendor Advisories (3)

Ubuntu: Pidgin vulnerabilities (2012-07-09)
Red Hat: (libpurple): Invalid UTF-8 string handling in OSCAR messages (2011-12-10)
Debian: CVE-2011-4601: pidgin - family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10... (2011)

💬 Community (2)

Bugzilla: CVE-2011-4601 CVE-2011-4602 CVE-2011-4603 pidgin various flaws [fedora-all] (2011-12-12)
Bugzilla: CVE-2011-4601 pidgin (libpurple): Invalid UTF-8 string handling in OSCAR messages (2011-12-08)