CVE-2007-4996 - libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not

CVE-2007-4996

Summary

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."

References

Vulnerable Configurations

cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 15-10-2018 - 21:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

oval via4

accepted

2013-09-30T04:00:58.605-04:00

class

vulnerability

contributors

name	Shane Shaffer
organization	G2, Inc.

definition_extensions

comment	Pidgin is installed
oval	oval:org.mitre.oval:def:12366

description

family

windows

oval:org.mitre.oval:def:18261

status

accepted

submitted

2013-08-16T15:36:10.221-04:00

title

version

refmap via4

bid	25872
bugtraq	20071003 FLEA-2007-0057-1 pidgin
confirm	http://www.pidgin.im/news/security/?id=23
fedora	FEDORA-2007-2368
secunia	27010 27088
vupen	ADV-2007-3321
xf	pidgin-msn-nudge-dos(36884)

statements via4

contributor	Mark J Cox
lastmodified	2007-10-04
organization	Red Hat
statement	Not vulnerable. These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last major update

15-10-2018 - 21:39

Published

01-10-2007 - 20:17

Last modified

15-10-2018 - 21:39