Bug 722939 (CVE-2011-2943) - CVE-2011-2943 pidgin: Crash in IRC protocol plug-in by listing set of users (/who command) upon session startup
Summary: CVE-2011-2943 pidgin: Crash in IRC protocol plug-in by listing set of users (...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-2943
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20110720,reported=20110716,sou...
Depends On: 732410
Blocks: 722946
TreeView+ depends on / blocked
 
Reported: 2011-07-18 14:39 UTC by Jan Lieskovsky
Modified: 2019-06-08 18:52 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-22 15:12:46 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2011-07-18 14:39:49 UTC
A NULL pointer dereference flaw was found in the way IRC protocol plug-in of the Pidgin multiprotocol instant messaging client processed certain nick names, when list set of users (/who command) was issued upon user session startup and connecting user has had certain encoding configuration setup. A remote attacker could use a specially-crafted string as their nickname to cause the Pidgin client on the side of the victim (connecting user) to crash.

Upstream bug report:
[1] http://developer.pidgin.im/ticket/14341

Acknowledgements:

Red Hat would like to thank the Pidgin project for reporting this issue.

Comment 1 Jan Lieskovsky 2011-07-18 14:41:38 UTC
This issue did NOT affect the versions of the pidgin package, as shipped with
Red Hat Enterprise Linux 4, 5, or 6.

--

This issue affects the versions of the pidgin package, as shipped with Fedora release of 14 and 15.

Comment 6 Jan Lieskovsky 2011-07-18 14:55:35 UTC
Statement:

Not vulnerable. This issue did not affect the versions of pidgin as
shipped with Red Hat Enterprise Linux 4, 5, or 6 as they contained a version of pidgin that did not support /who IRC protocol command.

Comment 8 Huzaifa S. Sidhpurwala 2011-08-22 10:55:54 UTC
Created pidgin tracking bugs for this issue

Affects: fedora-all [bug 732410]


Note You need to log in before you can comment on or make changes to this bug.