CVE-2011-1091

Published: Mar 14, 2011Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.

Affected (17)

Products: Pidgin: Pidgin

1 product

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Pidgin Pidgin	Version 2.6.0
Pidgin Pidgin	Version 2.6.1
Pidgin Pidgin	Version 2.6.2
Pidgin Pidgin	Version 2.6.4
Pidgin Pidgin	Version 2.6.5
Pidgin Pidgin	Version 2.6.6
Pidgin Pidgin	Version 2.7.0
Pidgin Pidgin	Version 2.7.10
Pidgin Pidgin	Version 2.7.1
Pidgin Pidgin	Version 2.7.2
Pidgin Pidgin	Version 2.7.3
Pidgin Pidgin	Version 2.7.4
Pidgin Pidgin	Version 2.7.5
Pidgin Pidgin	Version 2.7.6
Pidgin Pidgin	Version 2.7.7
Pidgin Pidgin	Version 2.7.8
Pidgin Pidgin	Version 2.7.9

References (40)

http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c

Source: secalert@redhat.com

Patch

http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7

Source: secalert@redhat.com

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html

Source: secalert@redhat.com

http://secunia.com/advisories/43695

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/43721

Source: secalert@redhat.com

http://secunia.com/advisories/46376

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884

Source: secalert@redhat.com

http://www.pidgin.im/news/security/?id=51

Source: secalert@redhat.com

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2011-0616.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2011-1371.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/46837

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0643

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0661

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0669

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0703

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=683031

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/66055

Source: secalert@redhat.com

https://hermes.opensuse.org/messages/13195955

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402

Source: secalert@redhat.com

http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43695

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43721

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/46376

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.pidgin.im/news/security/?id=51

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2011-0616.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-1371.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/46837

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0643

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0661

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0669

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0703

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=683031

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/66055

Source: af854a3a-2127-422b-91ae-364da2661108

https://hermes.opensuse.org/messages/13195955

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.