CVE-2011-4603

Priority
Low
Description
The silc_channel_message function in ops.c in the SILC protocol plugin in
libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8
validation on message data, which allows remote attackers to cause a denial
of service (application crash) via a crafted message, a different
vulnerability than CVE-2011-3594.
References
Bugs
Assigned-to
tyhicks
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): released (1:2.6.6-1ubuntu4.5)
Ubuntu 11.04 (Natty Narwhal): released (1:2.7.11-1ubuntu2.2)
Ubuntu 11.10 (Oneiric Ocelot): released (1:2.10.0-0ubuntu2.1)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (1:2.10.2-1ubuntu1)
Ubuntu 12.10 (Quantal Quetzal): not-affected (1:2.10.2-1ubuntu1)
Patches:
Upstream: http://hg.pidgin.im/pidgin/main/rev/fa8d4132d071
Vendor: https://rhn.redhat.com/errata/RHSA-2011-1820.html
More Information

Updated: 2012-07-09 21:14:25 UTC (commit 5485)