FKIE_CVE-2011-4601

Vulnerability from fkie_nvd - Published: 2011-12-25 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
References
secalert@redhat.comhttp://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c
secalert@redhat.comhttp://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3
secalert@redhat.comhttp://pidgin.im/news/security/?id=57Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/47219
secalert@redhat.comhttp://secunia.com/advisories/47234
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:183
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/12/10/1
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/12/10/2
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1820.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1821.html
secalert@redhat.comhttp://www.securityfocus.com/bid/51010
secalert@redhat.comhttps://hermes.opensuse.org/messages/13195955
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408
af854a3a-2127-422b-91ae-364da2661108http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c
af854a3a-2127-422b-91ae-364da2661108http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3
af854a3a-2127-422b-91ae-364da2661108http://pidgin.im/news/security/?id=57Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47219
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47234
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:183
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2011/12/10/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2011/12/10/2
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1820.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1821.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/51010
af854a3a-2127-422b-91ae-364da2661108https://hermes.opensuse.org/messages/13195955
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408
Impacted products
Vendor Product Version
pidgin pidgin *
pidgin pidgin 2.0.0
pidgin pidgin 2.0.1
pidgin pidgin 2.0.2
pidgin pidgin 2.1.0
pidgin pidgin 2.1.1
pidgin pidgin 2.2.0
pidgin pidgin 2.2.1
pidgin pidgin 2.2.2
pidgin pidgin 2.3.0
pidgin pidgin 2.3.1
pidgin pidgin 2.4.0
pidgin pidgin 2.4.1
pidgin pidgin 2.4.2
pidgin pidgin 2.4.3
pidgin pidgin 2.5.0
pidgin pidgin 2.5.1
pidgin pidgin 2.5.2
pidgin pidgin 2.5.3
pidgin pidgin 2.5.4
pidgin pidgin 2.5.5
pidgin pidgin 2.5.6
pidgin pidgin 2.5.7
pidgin pidgin 2.5.8
pidgin pidgin 2.5.9
pidgin pidgin 2.6.0
pidgin pidgin 2.6.1
pidgin pidgin 2.6.2
pidgin pidgin 2.6.3
pidgin pidgin 2.6.4
pidgin pidgin 2.6.5
pidgin pidgin 2.6.6
pidgin pidgin 2.7.1
pidgin pidgin 2.7.2
pidgin pidgin 2.7.3
pidgin pidgin 2.7.4
pidgin pidgin 2.7.5
pidgin pidgin 2.7.6
pidgin pidgin 2.7.7
pidgin pidgin 2.7.8
pidgin pidgin 2.7.9
pidgin pidgin 2.7.10
pidgin pidgin 2.7.11
pidgin pidgin 2.8.0
pidgin pidgin 2.9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4165F070-EF4D-4CD3-A6EC-5CB96CE9B222",
              "versionEndIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition."
    },
    {
      "lang": "es",
      "value": "family_feedbag.c en el protocolo oscar en el plugin libpurple en Pidgin anterior a v2.10.1 no lleva a cabo la validaci\u00f3n UTF-8 en los mensajes de datos, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un mensaje elaborado (1) AIM o (2) ICQ asociado con la adici\u00f3n de lista de amigos."
    }
  ],
  "id": "CVE-2011-4601",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-25T01:55:02.130",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://pidgin.im/news/security/?id=57"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/47219"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/47234"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/12/10/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/12/10/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/51010"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/13195955"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://developer.pidgin.im/viewmtn/revision/diff/bc79b1bf09dcfa1d8edac86a06761fce7416e69c/with/757272a78a8ca6027d518e614712c3399e34dda3/libpurple/protocols/oscar/family_feedbag.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://developer.pidgin.im/viewmtn/revision/info/757272a78a8ca6027d518e614712c3399e34dda3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://pidgin.im/news/security/?id=57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/12/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/12/10/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/13195955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.