Pidgin 2.11.0

CPE Details

Pidgin 2.11.0
pidgin
pidgin
2.11.0
2019-06-03
15h16 +00:00
2019-06-03
15h16 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:pidgin:pidgin:2.11.0:*:*:*:*:*:*:*

Informations

Vendor

pidgin

Product

pidgin

Version

2.11.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-26491 2022-05-31 02h25 +00:00 An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
5.9
Medium
CVE-2017-2640 2018-07-27 16h00 +00:00 An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
9.8
Critical
CVE-2012-2369 2012-05-23 18h00 +00:00 Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
7.5
CVE-2011-3594 2011-11-04 20h00 +00:00 The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
4.3
CVE-2010-3088 2010-10-08 20h00 +00:00 The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.
5.1
CVE-2009-2404 2009-08-03 12h00 +00:00 Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
9.3