CVE-2011-4922 — Sensitive Information Exposure in Pidgin

CWE-200 — Sensitive Information Exposure7 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 70.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedAug 8

Latest updateMay 17

Description

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.7.11-1 (bookworm)

▶Debianpidgin/pidgin< 2.7.11-1+3

▶NVDpidgin/pidgin2.7.9+44

Patches

Patch: hg.pidgin.im ↗Patch: hg.pidgin.im ↗

🔴Vulnerability Details

GHSA

GHSA-g255-9j94-9w77: cipher↗2022-05-17

▶

OSV

CVE-2011-4922: cipher↗2012-08-08

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2012-07-09

▶

Red Hat

Cipher API information disclosure in pidgin↗2011-02-10

▶

Debian

CVE-2011-4922: pidgin - cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encrypti...↗2011

▶

💬Community

Bugzilla

CVE-2011-4922 Cipher API information disclosure in pidgin↗2011-03-14

▶