Pidgin Yahoo Protocol 'YMSG' NULL Pointer Dereference Denial Of Service Vulnerability (Win) Network Vulnerability

Summary

This host has installed with Pidgin and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to crash the affected application, denying service to legitimate users. Impact Level: Application

Solution

Upgrade to Pidgin version 2.7.11 or later http://pidgin.im/download

Insight

The flaw is due to a NULL pointer dereference error when processing certain YMSG packets, which can be exploited to crash the process by sending specially crafted YMSG packets.

Affected

Pidgin version prior 2.6.0 through 2.7.10 on Windows

References

http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7
http://secunia.com/advisories/43695
http://www.pidgin.im/news/security/?id=51

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1091

CVSS	Base Score: 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Denial Of Service Vulnerability in PHP April-09
avast! AntiVirus Multiple BOF Vulnerabilities (Linux)
DB2 DOS
DNS Amplification Attacks
Denial of Service (DoS) in Microsoft SMS Client

Pidgin Yahoo Protocol 'YMSG' NULL Pointer Dereference Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities