Vulnerability Name:

CVE-2011-4603 (CCN-71837)

Assigned:2011-12-11
Published:2011-12-11
Updated:2017-09-19
Summary:The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2011-4603

Source: CONFIRM
Type: Patch
http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c

Source: CONFIRM
Type: UNKNOWN
http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1

Source: CCN
Type: RHSA-2011-1820
Moderate: pidgin security update

Source: SECUNIA
Type: UNKNOWN
47234

Source: CCN
Type: Pidgin Web site
Pidgin 2.10.1

Source: CCN
Type: Pidgin Security Advisory 2011-09-29
SILC remote crash

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.pidgin.im/news/security/?id=59

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1820

Source: BID
Type: UNKNOWN
51074

Source: CCN
Type: BID-51074
Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
pidgin-silc-dos(71837)

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:0066

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:18303

Vulnerable Configuration:Configuration 1:
  • cpe:/a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:*:*:*:*:*:*:*:* (Version <= 2.10.0)

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:26155
    P
    		Security update for cairo (Low)
    2021-10-22
    oval:org.opensuse.security:def:20114603
    V
    		CVE-2011-4603
    2021-08-15
    oval:org.opensuse.security:def:36402
    P
    		finch-2.6.6-0.25.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26027
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:27365
    P
    		Xerces-c on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26377
    P
    		Security update for kauth, kdelibs4 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25951
    P
    		Security update for pcsc-lite (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26669
    P
    		apache2-mod_perl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27400
    P
    		finch on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26528
    P
    		bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25952
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26683
    P
    		dbus-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26236
    P
    		Security update for libvpx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26581
    P
    		libadns1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25963
    P
    		Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:26727
    P
    		kdenetwork4-filesharing on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26293
    P
    		Security update for raptor (Important)
    2020-12-01
    oval:org.opensuse.security:def:26630
    P
    		perl-spamassassin on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:17715
    P
    		USN-1500-1 -- pidgin vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:23420
    P
    		ELSA-2011:1820: pidgin security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21567
    P
    		RHSA-2011:1820: pidgin security update (Moderate)
    2014-02-24
    oval:org.mitre.oval:def:18303
    V
    		The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594
    2013-09-30
    oval:com.ubuntu.precise:def:20114603000
    V
    		CVE-2011-4603 on Ubuntu 12.04 LTS (precise) - low.
    2011-12-16
    oval:com.redhat.rhsa:def:20111820
    P
    		RHSA-2011:1820: pidgin security update (Moderate)
    2011-12-14
    BACK
    pidgin pidgin 2.0.0
    pidgin pidgin 2.0.1
    pidgin pidgin 2.0.2
    pidgin pidgin 2.1.0
    pidgin pidgin 2.1.1
    pidgin pidgin 2.2.0
    pidgin pidgin 2.2.1
    pidgin pidgin 2.2.2
    pidgin pidgin 2.3.0
    pidgin pidgin 2.3.1
    pidgin pidgin 2.4.0
    pidgin pidgin 2.4.1
    pidgin pidgin 2.4.2
    pidgin pidgin 2.4.3
    pidgin pidgin 2.5.0
    pidgin pidgin 2.5.1
    pidgin pidgin 2.5.2
    pidgin pidgin 2.5.3
    pidgin pidgin 2.5.4
    pidgin pidgin 2.5.5
    pidgin pidgin 2.5.6
    pidgin pidgin 2.5.7
    pidgin pidgin 2.5.8
    pidgin pidgin 2.5.9
    pidgin pidgin 2.6.0
    pidgin pidgin 2.6.1
    pidgin pidgin 2.6.2
    pidgin pidgin 2.6.3
    pidgin pidgin 2.6.4
    pidgin pidgin 2.6.5
    pidgin pidgin 2.6.6
    pidgin pidgin 2.7.1
    pidgin pidgin 2.7.2
    pidgin pidgin 2.7.3
    pidgin pidgin 2.7.4
    pidgin pidgin 2.7.5
    pidgin pidgin 2.7.6
    pidgin pidgin 2.7.7
    pidgin pidgin 2.7.8
    pidgin pidgin 2.7.9
    pidgin pidgin 2.7.10
    pidgin pidgin 2.7.11
    pidgin pidgin 2.8.0
    pidgin pidgin 2.9.0
    pidgin pidgin *
    pidgin pidgin 2.0.2
    pidgin pidgin 2.4.1
    pidgin pidgin 2.4.2
    pidgin pidgin 2.0.0
    pidgin pidgin 2.0.1
    pidgin pidgin 2.1.0
    pidgin pidgin 2.1.1
    pidgin pidgin 2.2.0
    pidgin pidgin 2.2.1
    pidgin pidgin 2.2.2
    pidgin pidgin 2.3.0
    pidgin pidgin 2.3.1
    pidgin pidgin 2.4.0
    pidgin pidgin 2.4.3
    pidgin pidgin 2.5.5
    pidgin pidgin 2.5.6
    pidgin pidgin 2.5.7
    pidgin pidgin 2.5.8
    pidgin pidgin 2.5.9
    pidgin pidgin 2.6.0
    pidgin pidgin 2.6.1
    pidgin pidgin 2.6.2
    pidgin pidgin 2.6.4
    pidgin pidgin 2.6.5
    pidgin pidgin 2.6.6
    pidgin pidgin 2.7.0
    pidgin pidgin 2.7.1
    pidgin pidgin 2.7.2
    pidgin pidgin 2.7.3
    pidgin pidgin 2.7.4
    pidgin pidgin 2.7.5
    pidgin pidgin 2.7.6
    pidgin pidgin 2.7.7
    pidgin pidgin 2.7.8
    pidgin pidgin 2.7.9
    pidgin pidgin 2.10.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 5
    redhat enterprise linux 5