oss-sec mailing list archives

CVE request: Pidgin crash

From: Mark Doliner <mark () kingant net>
Date: Sat, 20 Aug 2011 10:59:50 -0700

Hi!  Would it be possible to issue a CVE for a new crash in Pidgin?

"Certain characters in the nicknames of IRC users can trigger a null
pointer dereference in the IRC protocol plugin's handling of responses
to WHO requests. This can cause a crash on some operating systems.
Clients based on libpurple 2.8.0 through 2.9.0 are affected."
http://pidgin.im/news/security/?id=53

The crash was discovered by Djego Ibanez.

Thanks,
Mark

Current thread:

CVE request: Pidgin crash Mark Doliner (Aug 20)
- Re: CVE request: Pidgin crash Huzaifa Sidhpurwala (Aug 21)
  - Re: CVE request: Pidgin crash Huzaifa Sidhpurwala (Aug 22)
    - Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
  - Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
  - Re: CVE request: Pidgin crash Moritz Mühlenhoff (Aug 22)
    - Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
    - Re: CVE request: Pidgin crash Josh Bressers (Aug 22)