Bugzilla: 683031: CVE-2011-1091 Pidgin: Multiple NULL pointer dereference flaws in Yahoo protocol plug-in
The MITRE CVE dictionary describes this issue as:
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
This issue affects the versions of the pidgin package as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Red Hat security errata
| Platform | Errata | Release date |
|---|---|---|
| RHEL Desktop Workstation version 5 (pidgin) | RHSA-2011:1371 | October 14, 2011 |
| RHEL Optional Productivity Applications version 5 (pidgin) | RHSA-2011:1371 | October 14, 2011 |
| Red Hat Enterprise Linux version 4 (pidgin) | RHSA-2011:1371 | October 14, 2011 |
| Red Hat Enterprise Linux version 6 (pidgin) | RHSA-2011:0616 | May 19, 2011 |
Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Marius Wachtler as the original reporter.