libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Pidgin
  • Pidgin
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
pidgin-0:2.6.6-5.el4_8 cpe:/o:redhat:enterprise_linux:4 RHSA-2010:0788 2010-10-21T00:00:00Z
Red Hat Enterprise Linux 5
pidgin-0:2.6.6-5.el5_5 cpe:/o:redhat:enterprise_linux:5 RHSA-2010:0788 2010-10-21T00:00:00Z
Red Hat Enterprise Linux 6
pidgin-0:2.6.6-6.el6_0 cpe:/o:redhat:enterprise_linux:6 RHSA-2010:0890 2010-11-16T00:00:00Z
References
Link Providers
http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html cve-icon cve-icon
http://pidgin.im/news/security/?id=48 cve-icon cve-icon
http://secunia.com/advisories/41893 cve-icon cve-icon
http://secunia.com/advisories/41899 cve-icon cve-icon
http://secunia.com/advisories/42075 cve-icon cve-icon
http://secunia.com/advisories/42294 cve-icon cve-icon
http://securitytracker.com/id?1024623 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462352 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2010:208 cve-icon cve-icon
http://www.osvdb.org/68773 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0788.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0890.html cve-icon cve-icon
http://www.securityfocus.com/bid/44283 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1014-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2753 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2754 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2755 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2847 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2851 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2870 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=641921 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/62708 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2010-3711 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2010-3711 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-10-27T22:00:00

Updated: 2024-08-07T03:18:52.962Z

Reserved: 2010-10-01T00:00:00

Link: CVE-2010-3711

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2010-10-28T00:00:03.673

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3711

cve-icon Redhat

Severity : Moderate

Publid Date: 2010-10-20T00:00:00Z

Links: CVE-2010-3711 - Bugzilla