The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 up to and including 2.9.0 in Pidgin prior to 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pidgin libpurple 2.8.0 |
||
pidgin pidgin 2.0.0 |
||
pidgin pidgin 2.2.2 |
||
pidgin pidgin 2.3.0 |
||
pidgin pidgin 2.5.2 |
||
pidgin pidgin 2.5.3 |
||
pidgin pidgin 2.6.0 |
||
pidgin pidgin 2.6.1 |
||
pidgin pidgin 2.7.10 |
||
pidgin pidgin 2.7.11 |
||
pidgin pidgin 2.7.9 |
||
pidgin pidgin 2.0.1 |
||
pidgin pidgin 2.0.2 |
||
pidgin pidgin 2.3.1 |
||
pidgin pidgin 2.4.0 |
||
pidgin pidgin 2.5.4 |
||
pidgin pidgin 2.5.5 |
||
pidgin pidgin 2.6.2 |
||
pidgin pidgin 2.6.4 |
||
pidgin pidgin 2.7.2 |
||
pidgin pidgin 2.7.3 |
||
pidgin pidgin |
||
pidgin pidgin 2.1.0 |
||
pidgin pidgin 2.1.1 |
||
pidgin pidgin 2.4.1 |
||
pidgin pidgin 2.4.2 |
||
pidgin pidgin 2.5.6 |
||
pidgin pidgin 2.5.7 |
||
pidgin pidgin 2.6.5 |
||
pidgin pidgin 2.6.6 |
||
pidgin pidgin 2.7.4 |
||
pidgin pidgin 2.7.5 |
||
pidgin pidgin 2.7.6 |
||
pidgin pidgin 2.8.0 |
||
pidgin libpurple 2.9.0 |
||
pidgin pidgin 2.2.0 |
||
pidgin pidgin 2.2.1 |
||
pidgin pidgin 2.4.3 |
||
pidgin pidgin 2.5.0 |
||
pidgin pidgin 2.5.1 |
||
pidgin pidgin 2.5.8 |
||
pidgin pidgin 2.5.9 |
||
pidgin pidgin 2.7.0 |
||
pidgin pidgin 2.7.1 |
||
pidgin pidgin 2.7.7 |
||
pidgin pidgin 2.7.8 |