FKIE_CVE-2011-4603

Vulnerability from fkie_nvd - Published: 2011-12-17 03:54 - Updated: 2025-04-11 00:51
Severity ?
Summary
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
References
secalert@redhat.comhttp://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.cPatch
secalert@redhat.comhttp://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1
secalert@redhat.comhttp://secunia.com/advisories/47234
secalert@redhat.comhttp://www.pidgin.im/news/security/?id=59Patch, Vendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1820.html
secalert@redhat.comhttp://www.securityfocus.com/bid/51074
secalert@redhat.comhttps://hermes.opensuse.org/messages/13195955
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303
af854a3a-2127-422b-91ae-364da2661108http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.cPatch
af854a3a-2127-422b-91ae-364da2661108http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47234
af854a3a-2127-422b-91ae-364da2661108http://www.pidgin.im/news/security/?id=59Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1820.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/51074
af854a3a-2127-422b-91ae-364da2661108https://hermes.opensuse.org/messages/13195955
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303
Impacted products
Vendor Product Version
pidgin pidgin *
pidgin pidgin 2.0.0
pidgin pidgin 2.0.1
pidgin pidgin 2.0.2
pidgin pidgin 2.1.0
pidgin pidgin 2.1.1
pidgin pidgin 2.2.0
pidgin pidgin 2.2.1
pidgin pidgin 2.2.2
pidgin pidgin 2.3.0
pidgin pidgin 2.3.1
pidgin pidgin 2.4.0
pidgin pidgin 2.4.1
pidgin pidgin 2.4.2
pidgin pidgin 2.4.3
pidgin pidgin 2.5.0
pidgin pidgin 2.5.1
pidgin pidgin 2.5.2
pidgin pidgin 2.5.3
pidgin pidgin 2.5.4
pidgin pidgin 2.5.5
pidgin pidgin 2.5.6
pidgin pidgin 2.5.7
pidgin pidgin 2.5.8
pidgin pidgin 2.5.9
pidgin pidgin 2.6.0
pidgin pidgin 2.6.1
pidgin pidgin 2.6.2
pidgin pidgin 2.6.3
pidgin pidgin 2.6.4
pidgin pidgin 2.6.5
pidgin pidgin 2.6.6
pidgin pidgin 2.7.1
pidgin pidgin 2.7.2
pidgin pidgin 2.7.3
pidgin pidgin 2.7.4
pidgin pidgin 2.7.5
pidgin pidgin 2.7.6
pidgin pidgin 2.7.7
pidgin pidgin 2.7.8
pidgin pidgin 2.7.9
pidgin pidgin 2.7.10
pidgin pidgin 2.7.11
pidgin pidgin 2.8.0
pidgin pidgin 2.9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4165F070-EF4D-4CD3-A6EC-5CB96CE9B222",
              "versionEndIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E593BFF0-650E-4EDB-BF65-C509C8A807C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39468D5-1378-4441-B927-5C34C85B18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80012AD-8F49-4287-8AEC-C21AC5774CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB3CF0C-BECE-4685-A370-96424B0A5703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5BC0FC-2F7D-41BE-83E4-AEDACD71F427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB3EA73-7CF5-4010-9346-25C728E5225E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE026B2-73D6-43AD-9003-B159992D0323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACCCDDDA-58C9-443A-9D7F-44D362E363C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC30F6B-4170-4FBF-AA69-B6BBE25EC3C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n silc_channel_message de ops.c del complemento del protocolo SILC de libpurple de Pidgin en versiones anteriores 2.10.1 no realiza la validaci\u00f3n prevista UTF-8 en los datos del mensaje, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un mensaje modificado. Una vulnerabilidad distinta a la CVE-2011-3594."
    }
  ],
  "id": "CVE-2011-4603",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-17T03:54:46.120",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/47234"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.pidgin.im/news/security/?id=59"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/51074"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/13195955"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.pidgin.im/news/security/?id=59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/13195955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.