Pidgin Multiple Denial Of Service Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Pidgin and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation will allow attacker to crash the affected application, denying service to legitimate users. Impact Level: Application

Solution

Upgrade to Pidgin version 2.10.2 or later, For updates refer to http://pidgin.im/download

Insight

The flaws are due to - A NULL pointer dereference error within the 'get_iter_from_chatbuddy()' function when handling nickname changes in XMPP chat rooms. - An error within the 'msn_oim_report_to_user()' function when handling UTF-8 encoded message.

Affected

Pidgin version prior to 2.10.2 on Windows

References

http://developer.pidgin.im/ticket/14392
http://developer.pidgin.im/ticket/14884
http://pidgin.im/news/security/?id=60
http://pidgin.im/news/security/?id=61
http://secunia.com/advisories/48303/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4939, CVE-2012-1178
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Apple iTunes Multiple Vulnerabilities
ClamAV Prior to 0.96.5 Multiple Vulnerabilities
Apache APR-Utils Multiple Denial of Service Vulnerabilities
Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability
Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability

Pidgin Multiple Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities