Main Vulnerability Database SB2012080804

SB2012080804 - Information disclosure in pidgin.im Pidgin

Published: August 8, 2012 Updated: August 11, 2020

Security Bulletin ID SB2012080804

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2011-4922)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.

Remediation

Install update from vendor's website.

References

http://hg.pidgin.im/pidgin/main/rev/8c850977cb42
http://openwall.com/lists/oss-security/2012/01/04/13
http://www.pidgin.im/news/security/?id=50
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18223