CVE-2007-4996 - Remote Denial Of Service vulnerability in Pidgin 2.2.0
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2007-2368.NASL |
description | Minor DOS fix and a great many other bug fixes in upstream |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27770 |
published | 2007-11-06 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27770 |
title | Fedora 7 : pidgin-2.2.1-1.fc7 (2007-2368) |
Oval
accepted | 2013-09-30T04:00:58.605-04:00 |
class | vulnerability |
description | libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." |
family | windows |
id | oval:org.mitre.oval:def:18261 |
status | accepted |
submitted | 2013-08-16T15:36:10.221-04:00 |
title | libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." |
version | 4 |
Statements
contributor | Mark J Cox |
lastmodified | 2007-10-04 |
organization | Red Hat |
statement | Not vulnerable. These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
References
- http://fedoranews.org/updates/FEDORA-2007-236.shtml
- http://secunia.com/advisories/27010
- http://secunia.com/advisories/27088
- http://www.pidgin.im/news/security/?id=23
- http://www.securityfocus.com/archive/1/481402/100/0/threaded
- http://www.securityfocus.com/bid/25872
- http://www.vupen.com/english/advisories/2007/3321
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36884
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261