{ "threat_severity" : "Low", "public_date" : "2011-03-10T00:00:00Z", "bugzilla" : { "description" : "Pidgin: Multiple NULL pointer dereference flaws in Yahoo protocol plug-in", "id" : "683031", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=683031" }, "cvss" : { "cvss_base_score" : "3.5", "cvss_scoring_vector" : "AV:N/AC:M/Au:S/C:N/I:N/A:P", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message." ], "statement" : "This issue affects the versions of pidgin package as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "acknowledgement" : "Red Hat would like to thank Pidgin project for reporting this issue. Upstream acknowledges Marius Wachtler as the original reporter.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2011-10-14T00:00:00Z", "advisory" : "RHSA-2011:1371", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "pidgin-0:2.6.6-7.el4" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2011-10-14T00:00:00Z", "advisory" : "RHSA-2011:1371", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "pidgin-0:2.6.6-5.el5_7.1" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2011-05-19T00:00:00Z", "advisory" : "RHSA-2011:0616", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "pidgin-0:2.7.9-3.el6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1091\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1091" ], "name" : "CVE-2011-1091", "csaw" : false }