Summary
This host is installed with Pidgin and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation will allow an attacker to crash the affected application, denying service to legitimate users.
Impact Level: Application
Solution
Upgrade to Pidgin version 2.10.2 or later.
For updates, refer to http://pidgin.im/download
Insight
The flaws are due to:
- A NULL pointer dereference error within the 'get_iter_from_chatbuddy()' function when handling nickname changes in XMPP chat rooms.
- An error within the 'msn_oim_report_to_user()' function when handling UTF-8 encoded messages.
Affected
Pidgin versions prior to 2.10.2 on Windows
References
Severity
Classification
CVE: CVE-2011-4939, CVE-2012-1178
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P