Candidate: CVE-2011-2943
PublicDate: 2011-08-29 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2943
 http://www.openwall.com/lists/oss-security/2011/08/22/1
 http://pidgin.im/news/security/?id=53
Description:
 The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple
 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate
 characters in nicknames, which allows user-assisted remote attackers to
 cause a denial of service (NULL pointer dereference and application crash)
 via a crafted nickname that is not properly handled in a WHO response.
Ubuntu-Description:
Notes:
 mdeslaur> natty and older don't support WHO
Bugs:
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_pidgin:
 other: http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43
upstream_pidgin: released (2.10.0-1)
hardy_pidgin: ignored (reached end-of-life)
lucid_pidgin: not-affected (code not present)
maverick_pidgin: not-affected (code not present)
natty_pidgin: not-affected (code not present)
oneiric_pidgin: not-affected (1:2.10.0-0ubuntu2)
devel_pidgin: not-affected (1:2.10.0-0ubuntu2)