CVE-2011-4922 (retired)

Priority
Description
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains
encryption-key data in process memory, which might allow local users to
obtain sensitive information by reading a core file or other representation
of memory contents.
It was discovered that libpurple versions prior to 2.7.10 do not properly
clear certain data structures used in libpurple/cipher.c prior to freeing. An
attacker could potentially extract partial information from memory regions
freed by libpurple.
Assigned-to
tyhicks
Package
Upstream:released (2.7.10-1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (1:2.10.1-1ubuntu1)
Patches:
Upstream:http://hg.pidgin.im/pidgin/main/rev/8c850977cb42
More Information

Updated: 2019-03-26 11:59:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)