Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4996

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4996
Last Modified 02 Nov 2013 10:28:52
Published 01 Oct 2007 04:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4996

Summary

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."

Vulnerable Systems

Application

  • Pidgin 2.2.0


References

CONFIRM - http://www.pidgin.im/news/security/?id=23

SECUNIA - 27010

VUPEN - ADV-2007-3321

XF - pidgin-msn-nudge-dos(36884)

BID - 25872

BUGTRAQ - 20071003 FLEA-2007-0057-1 pidgin

SECUNIA - 27088

FEDORA - FEDORA-2007-2368


Last Updated: 27 May 2016 10:46:02