CVE-2011-4603
Priority
Low
Description
The silc_channel_message function in ops.c in the SILC protocol plugin in
libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8
validation on message data, which allows remote attackers to cause a denial
of service (application crash) via a crafted message, a different
vulnerability than CVE-2011-3594.
libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8
validation on message data, which allows remote attackers to cause a denial
of service (application crash) via a crafted message, a different
vulnerability than CVE-2011-3594.
References
Assigned-to
tyhicks
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (1:2.6.6-1ubuntu4.5) |
| Ubuntu 11.04 (Natty Narwhal): | released (1:2.7.11-1ubuntu2.2) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (1:2.10.0-0ubuntu2.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (1:2.10.2-1ubuntu1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (1:2.10.2-1ubuntu1) |
Patches:
| Upstream: | http://hg.pidgin.im/pidgin/main/rev/fa8d4132d071 |
| Vendor: | https://rhn.redhat.com/errata/RHSA-2011-1820.html |