Pidgin Security Advisory

Title: Remote crash in IRC protocol plugin
Date: 2011-08-20
CVE Name: CVE-2011-2943
Discovered By: Djego Ibanez, Lead QA at Gamistry
Description: Certain characters in the nicknames of IRC users can trigger a null pointer dereference in the IRC protocol plugin's handling of responses to WHO requests. This can cause a crash on some operating systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected.
Fixed in Revision: 619f32df41f1
Fixed in Version: 2.10.0
Fix: Change libpurple to validate the data it receives from the server before attempting to use it.
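
The kind of validation the fix describes, as an added example; it is not libpurple's code and not the change made in revision 619f32df41f1. It assumes the RFC 2812 RPL_WHOREPLY (352) parameter layout, and the names parse_who_reply, who_reply and NICK_MAX are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define WHO_FIELDS 7  /* target, channel, user, host, server, nick, flags */
#define NICK_MAX 30   /* assumed cap; RFC 2812 says 9, servers often allow more */
struct who_reply { char channel[64]; char nick[NICK_MAX + 1]; int away; };

/* RFC 2812 nickname: letter/special first, then letter/digit/special/'-'. */
static int nick_ok(const char *n) {
    size_t len = strlen(n);
    if (len == 0 || len > NICK_MAX) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)n[i];
        if (c < 0x80 && (isalpha(c) || strchr("[]\\`_^{|}", c))) continue;
        if (i > 0 && (isdigit(c) || c == '-')) continue;
        return 0;
    }
    return 1;
}

/* Parse 352 params; 0 on success, -1 if malformed. Absent fields are never read. */
int parse_who_reply(const char *params, struct who_reply *out) {
    char buf[512], *f[WHO_FIELDS] = {0}, *p = buf, *trailing;
    int n = 0;
    if (!params || !out || strlen(params) >= sizeof buf) return -1;
    strcpy(buf, params);
    if (!(trailing = strstr(buf, " :"))) return -1;  /* ":<hopcount> <real name>" */
    *trailing = '\0';
    while (*p) {
        size_t len = strcspn(p, " ");
        if (len == 0 || n == WHO_FIELDS) return -1;  /* empty or extra field */
        f[n++] = p;
        p += len;
        if (*p) *p++ = '\0';
    }
    if (n != WHO_FIELDS || strlen(f[1]) >= sizeof out->channel) return -1;
    if (!nick_ok(f[5]) || (f[6][0] != 'H' && f[6][0] != 'G')) return -1;
    strcpy(out->channel, f[1]);
    strcpy(out->nick, f[5]);
    out->away = (f[6][0] == 'G');
    return 0;
}

int main(void) {
    struct who_reply r;  /* inputs below are constructed samples */
    printf("%d\n", parse_who_reply("me #chan user host srv alice H :0 Alice", &r));
    printf("%d\n", parse_who_reply("me #chan user host srv \xff\x01 H :0 x", &r));
    return 0;
}
```

A caller that gets -1 drops the reply instead of passing a missing or malformed field to later lookups.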
