ID CVE-2007-4996
Summary libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
References
Vulnerable Configurations
  • cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 15-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
oval via4
accepted 2013-09-30T04:00:58.605-04:00
class vulnerability
contributors
name Shane Shaffer
organization G2, Inc.
definition_extensions
comment Pidgin is installed
oval oval:org.mitre.oval:def:12366
description libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
family windows
id oval:org.mitre.oval:def:18261
status accepted
submitted 2013-08-16T15:36:10.221-04:00
title libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
version 4
refmap via4
bid 25872
bugtraq 20071003 FLEA-2007-0057-1 pidgin
confirm http://www.pidgin.im/news/security/?id=23
fedora FEDORA-2007-2368
secunia
  • 27010
  • 27088
vupen ADV-2007-3321
xf pidgin-msn-nudge-dos(36884)
statements via4
contributor Mark J Cox
lastmodified 2007-10-04
organization Red Hat
statement Not vulnerable. These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 15-10-2018 - 21:39
Published 01-10-2007 - 20:17