CVE-2011-1091

Published Mar 14, 2011

Last updated 3 months ago

CVSS info 4.0

Overview

Description: libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8321D92-B935-4C2A-81B1-5984BFF4FD57"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43679F1D-E48D-483B-A67B-9DB8C641F649"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00032CBA-479E-4880-ACAE-3B0F066C8146"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B11BCF7-3127-4B2E-967F-2B22A229592E"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66E89655-FE9E-4B05-8DF9-59894B81B6D2"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B9A75D8-CFA6-4605-A0CB-AA5EA2FA8316"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD841629-4ADC-4122-A7E1-AED505E48150"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A539AD7F-4D84-4F80-844E-0404813C9384"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A55F197-5A6E-48EE-8BB1-C75C19DCBE4E"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE9D5D3E-2565-42CD-9254-F7E5B1980F7A"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DFC5300-4BF5-4204-8A6C-0B86998022D9"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02865EB9-AFA1-4584-B487-D510350F82D9"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E00006E6-1999-4967-8BE9-2B7265F3E6F8"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61BD8C57-DD49-44C1-BD0A-0A1210C1BE57"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF5CD573-D9CE-41E6-8FAB-7DBEA4E545F1"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2389B152-70AC-47A7-BDAE-3A7F0550E6C0"
          },
          {
            "criteria": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A81DAE1-4633-46A9-8DC9-42E6EC1D641B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References