CVE-2007-4996 - Vulnerability Details - OpenCVE

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pidgin	Pidgin

Configuration 1 [-]

cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://fedoranews.org/updates/FEDORA-2007-236.shtml
http://secunia.com/advisories/27010
http://secunia.com/advisories/27088
http://www.pidgin.im/news/security/?id=23
http://www.securityfocus.com/archive/1/481402/100/0/threaded
http://www.securityfocus.com/bid/25872
http://www.vupen.com/english/advisories/2007/3321
https://exchange.xforce.ibmcloud.com/vulnerabilities/36884
https://nvd.nist.gov/vuln/detail/CVE-2007-4996
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261
https://www.cve.org/CVERecord?id=CVE-2007-4996

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-10-01T20:00:00

Updated: 2024-08-07T15:17:27.846Z

Reserved: 2007-09-20T00:00:00

Link: CVE-2007-4996

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-01T20:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4996

Redhat

Severity : Important

Publid Date: 2007-09-27T00:00:00Z

Links: CVE-2007-4996 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of \"an invalid memory location.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "pidgin-msn-nudge-dos(36884)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36884"}, {"name": "27088", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27088"}, {"name": "20071003 FLEA-2007-0057-1 pidgin", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481402/100/0/threaded"}, {"name": "ADV-2007-3321", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3321"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.pidgin.im/news/security/?id=23"}, {"name": "25872", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25872"}, {"name": "FEDORA-2007-2368", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/updates/FEDORA-2007-236.shtml"}, {"name": "oval:org.mitre.oval:def:18261", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261"}, {"name": "27010", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27010"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.846Z"}, "title": "CVE Program Container", "references": [{"name": "pidgin-msn-nudge-dos(36884)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36884"}, {"name": "27088", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27088"}, {"name": "20071003 FLEA-2007-0057-1 pidgin", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481402/100/0/threaded"}, {"name": "ADV-2007-3321", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3321"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pidgin.im/news/security/?id=23"}, {"name": "25872", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25872"}, {"name": "FEDORA-2007-2368", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/updates/FEDORA-2007-236.shtml"}, {"name": "oval:org.mitre.oval:def:18261", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261"}, {"name": "27010", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27010"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4996", "datePublished": "2007-10-01T20:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2024-08-07T15:17:27.846Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of \"an invalid memory location.\""}, {"lang": "es", "value": "libpurple de Pidgin versiones anteriores a 2.2.1 no gestiona apropiadamente los mensajes personalizados de usuarios que no est\u00e1n en la lista de amigos del receptor, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un mensaje personalizado que dispara un acceso de \"ubicaci\u00f3n inv\u00e1lida de memoria\"."}], "id": "CVE-2007-4996", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-01T20:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://fedoranews.org/updates/FEDORA-2007-236.shtml"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27010"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27088"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.pidgin.im/news/security/?id=23"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/481402/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/25872"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3321"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36884"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/updates/FEDORA-2007-236.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.pidgin.im/news/security/?id=23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481402/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18261"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-10-04T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}