CVE-2012-2369
Published: 23 May 2012
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
Notes
Author | Note |
---|---|
sbeattie | should be mitigated by -D_FORTIFY_SOURCE=2 |
Priority
Status
Package | Release | Status |
---|---|---|
pidgin-otr (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
pidgin-otr | lucid | Released (3.2.0-5ubuntu0.10.04.1) |
pidgin-otr | natty | Released (3.2.0-5ubuntu0.11.04.1) |
pidgin-otr | oneiric | Released (3.2.0-5ubuntu0.11.14.1) |
pidgin-otr | precise | Released (3.2.0-5ubuntu0.12.04.1) |
pidgin-otr | upstream | Released (3.2.1) |

Patches: upstream: http://lists.cypherpunks.ca/pipermail/otr-announce/2012-May/000026.html