FKIE_CVE-2011-4602

Vulnerability from fkie_nvd - Published: 2011-12-17 03:54 - Updated: 2025-04-11 00:51
Severity ?
Summary
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
References
secalert@redhat.comhttp://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6
secalert@redhat.comhttp://pidgin.im/news/security/?id=58
secalert@redhat.comhttp://secunia.com/advisories/47219
secalert@redhat.comhttp://secunia.com/advisories/47234
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1820.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1821.html
secalert@redhat.comhttps://hermes.opensuse.org/messages/13195955
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420
af854a3a-2127-422b-91ae-364da2661108http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6
af854a3a-2127-422b-91ae-364da2661108http://pidgin.im/news/security/?id=58
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47219
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47234
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1820.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1821.html
af854a3a-2127-422b-91ae-364da2661108https://hermes.opensuse.org/messages/13195955
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420
Impacted products
Vendor Product Version
pidgin pidgin *
pidgin pidgin 2.0.0
pidgin pidgin 2.0.1
pidgin pidgin 2.0.2
pidgin pidgin 2.1.0
pidgin pidgin 2.1.1
pidgin pidgin 2.2.0
pidgin pidgin 2.2.1
pidgin pidgin 2.2.2
pidgin pidgin 2.3.0
pidgin pidgin 2.3.1
pidgin pidgin 2.4.0
pidgin pidgin 2.4.1
pidgin pidgin 2.4.2
pidgin pidgin 2.4.3
pidgin pidgin 2.5.0
pidgin pidgin 2.5.1
pidgin pidgin 2.5.2
pidgin pidgin 2.5.3
pidgin pidgin 2.5.4
pidgin pidgin 2.5.5
pidgin pidgin 2.5.6
pidgin pidgin 2.5.7
pidgin pidgin 2.5.8
pidgin pidgin 2.5.9
pidgin pidgin 2.6.0
pidgin pidgin 2.6.1
pidgin pidgin 2.6.2
pidgin pidgin 2.6.3
pidgin pidgin 2.6.4
pidgin pidgin 2.6.5
pidgin pidgin 2.6.6
pidgin pidgin 2.7.1
pidgin pidgin 2.7.2
pidgin pidgin 2.7.3
pidgin pidgin 2.7.4
pidgin pidgin 2.7.5
pidgin pidgin 2.7.6
pidgin pidgin 2.7.7
pidgin pidgin 2.7.8
pidgin pidgin 2.7.9
pidgin pidgin 2.7.10
pidgin pidgin 2.7.11
pidgin pidgin 2.8.0
pidgin pidgin 2.9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4165F070-EF4D-4CD3-A6EC-5CB96CE9B222",
              "versionEndIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message."
    },
    {
      "lang": "es",
      "value": "El complemento del protocolo XMPP de libpurple de Pidgin en versiones anteriores a 2.10.1 no maneja apropiadamente campos faltantes en p\u00e1rrafos (1) voice-chat y (2) video-chat, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje modificado."
    }
  ],
  "id": "CVE-2011-4602",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-17T03:54:45.993",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://pidgin.im/news/security/?id=58"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/47219"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/47234"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/13195955"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pidgin.im/news/security/?id=58"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/13195955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.