CVE-2011-4602 — Improper Input Validation in Pidgin

CWE-20 — Improper Input Validation8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.5%

top 18.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedDec 17

Latest updateMay 17

Description

The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.10.1-1 (bookworm)

▶Debianpidgin/pidgin< 2.10.1-1+3

▶NVDpidgin/pidgin2.10.0+44

🔴Vulnerability Details

GHSA

GHSA-f6vj-77mr-4rfr: The XMPP protocol plugin in libpurple in Pidgin before 2↗2022-05-17

▶

OSV

CVE-2011-4602: The XMPP protocol plugin in libpurple in Pidgin before 2↗2011-12-17

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2012-07-09

▶

Red Hat

pidgin: Multiple NULL pointer deference flaws by processing certain Jingle stanzas in the XMPP protocol plug-in↗2011-12-10

▶

Debian

CVE-2011-4602: pidgin - The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly ...↗2011

▶

💬Community

Bugzilla

CVE-2011-4601 CVE-2011-4602 CVE-2011-4603 pidgin various flaws [fedora-all]↗2011-12-12

▶

Bugzilla

CVE-2011-4602 pidgin: Multiple NULL pointer deference flaws by processing certain Jingle stanzas in the XMPP protocol plug-in↗2011-12-08

▶