Red Hat Customer Portal

CVE-2012-6152

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.

Details Source

Mitre

Public Date

2014-01-28 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-6152 pidgin: DoS when decoding non-UTF-8 strings in Yahoo protocol plugin

Bugzilla ID

1056473

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Acknowledgements

Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Thijs Alkemade and Robert Vehse as the original reporters of this issue.

External References

http://pidgin.im/news/security/?id=70

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (pidgin) | RHSA-2014:0139 | 2014-02-05
Red Hat Enterprise Linux 5 (pidgin) | RHSA-2014:0139 | 2014-02-05

CWE

CWE-172

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 7 | pidgin | Not affected