Pidgin Security Advisory
| Title | Remote crash in IRC protocol plugin |
| Date | 2011-08-20 |
| CVE Name | CVE-2011-2943 |
| Discovered By | Djego Ibanez, Lead QA at Gamistry |
| Description | Certain characters in the nicknames of IRC users can trigger a null pointer dereference in the IRC protocol plugin's handling of responses to WHO requests. This can cause a crash on some operating systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected. |
| Fixed in Revision | 619f32df41f1 |
| Fixed in Version | 2.10.0 |
| Fix | Change libpurple to validate the data it receives from the server before attempting to use it. |
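
One way to apply the fix described above to a WHO reply handler, as an added example that is not libpurple's code. The roster, `find_member`, `handle_who_reply` and `member_away` are hypothetical names, and the example assumes the risky step is a user lookup that can return NULL for a nickname the client does not recognise.

```c
#include <stddef.h>
#include <string.h>

/* Constructed roster standing in for a client's channel user list. */
struct member { const char *nick; int away; };
static struct member roster[] = { {"alice", 0}, {"bob", 0} };

/* Hypothetical lookup: returns NULL when the nick is not in the roster. */
static struct member *find_member(const char *nick)
{
    for (size_t i = 0; i < sizeof roster / sizeof roster[0]; i++)
        if (strcmp(roster[i].nick, nick) == 0)
            return &roster[i];
    return NULL;
}

enum who_result { WHO_OK = 0, WHO_MALFORMED = -1, WHO_UNKNOWN_NICK = -2 };

/* Parameters of a 352 (RPL_WHOREPLY) line: args[5] = nick,
 * args[6] = flags ('H' here, 'G' gone). All of it is server-supplied,
 * so nothing is used before it has been checked. */
static enum who_result handle_who_reply(const char **args, size_t nargs)
{
    if (args == NULL || nargs < 7)
        return WHO_MALFORMED;          /* too few parameters */
    const char *nick = args[5], *flags = args[6];
    if (nick == NULL || flags == NULL || *nick == '\0')
        return WHO_MALFORMED;
    struct member *m = find_member(nick);
    if (m == NULL)                     /* a failed lookup is never dereferenced */
        return WHO_UNKNOWN_NICK;
    m->away = (strchr(flags, 'G') != NULL);
    return WHO_OK;
}

/* Away state recorded for a nick, or -1 if the nick is unknown. */
static int member_away(const char *nick)
{
    struct member *m = find_member(nick);
    return m ? m->away : -1;
}

int main(void)
{
    /* Constructed reply whose nick is not in the roster. */
    const char *args[] = {"me", "#chan", "u", "host", "srv", "b[o]b", "H", "0 x"};
    return (handle_who_reply(args, 8) == WHO_UNKNOWN_NICK
            && member_away("bob") == 0) ? 0 : 1;
}
```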