Pidgin Yahoo Protocol 'YMSG' NULL Pointer Dereference Denial Of Service Vulnerability (Win) Network Vulnerability

Summary

This host has installed with Pidgin and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to crash the affected application, denying service to legitimate users. Impact Level: Application

Solution

Upgrade to Pidgin version 2.7.11 or later http://pidgin.im/download

Insight

The flaw is due to a NULL pointer dereference error when processing certain YMSG packets, which can be exploited to crash the process by sending specially crafted YMSG packets.

Affected

Pidgin version prior 2.6.0 through 2.7.10 on Windows

References

http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7
http://secunia.com/advisories/43695
http://www.pidgin.im/news/security/?id=51

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1091
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win)
ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability
Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)

Pidgin Yahoo Protocol 'YMSG' NULL Pointer Dereference Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities