CVE-2011-4603 — Improper Input Validation in Pidgin

CWE-20 — Improper Input Validation8 documents7 sources

Severity

5.0MEDIUMNVD

OSV4.3

EPSS

1.2%

top 21.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedDec 17

Latest updateMay 17

Description

The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.10.1-1 (bookworm)

▶Debianpidgin/pidgin< 2.10.1-1+3

▶NVDpidgin/pidgin2.10.0+44

Patches

Patch: developer.pidgin.im ↗Patch: www.pidgin.im ↗Patch: developer.pidgin.im ↗

🔴Vulnerability Details

GHSA

GHSA-6f79-g335-f9mf: The silc_channel_message function in ops↗2022-05-17

▶

OSV

CVE-2011-4603: The silc_channel_message function in ops↗2011-12-17

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2012-07-09

▶

Red Hat

pidgin: SILC remote crash on channel messages↗2011-12-11

▶

Debian

CVE-2011-4603: pidgin - The silc_channel_message function in ops.c in the SILC protocol plugin in libpur...↗2011

▶

💬Community

Bugzilla

CVE-2011-4603 pidgin: SILC remote crash on channel messages↗2011-12-12

▶

Bugzilla

CVE-2011-4601 CVE-2011-4602 CVE-2011-4603 pidgin various flaws [fedora-all]↗2011-12-12

▶