Vulnerability Name:

CVE-2012-1178 (CCN-73997)

Assigned:2012-01-17
Published:2012-01-17
Updated:2018-01-18
Summary:The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-1178

Source: CONFIRM
Type: UNKNOWN
http://developer.pidgin.im/ticket/14884

Source: CONFIRM
Type: UNKNOWN
http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c

Source: CONFIRM
Type: UNKNOWN
http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd

Source: CONFIRM
Type: Vendor Advisory
http://pidgin.im/news/security/?id=61

Source: CCN
Type: RHSA-2012-1102
Moderate: pidgin security update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:1102

Source: CCN
Type: SA48303
Pidgin Two Denial of Service Weaknesses

Source: SECUNIA
Type: UNKNOWN
50005

Source: CCN
Type: SA50746
Oracle Solaris Pidgin Multiple Vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2012:029

Source: CCN
Type: OSVDB ID: 80146
Pidgin libpurple/protocols/msn/oim.c msn_oim_report_to_user() Function UTF-8 Encoded Message Handling Remote DoS

Source: CCN
Type: Pidgin Web site
Possible MSN remote crash

Source: BID
Type: UNKNOWN
52475

Source: CCN
Type: BID-52475
Pidgin 'msn_oim_report_to_user()' Denial of Service Vulnerability

Source: CCN
Type: Oracle Security Blog, Sep 18, 2012
Multiple vulnerabilities in Pidgin

Source: XF
Type: UNKNOWN
pidgin-msnoimreporttouser-dos(73997)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:18019

Vulnerable Configuration:Configuration 1:
  • cpe:/a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:*:*:*:*:*:*:*:* (Version <= 2.10.1)

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:libpurple:2.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:libpurple:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:libpurple:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:libpurple:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:libpurple:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:10::64bit:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:26155
    P
    		Security update for cairo (Low)
    2021-10-22
    oval:org.opensuse.security:def:20121178
    V
    		CVE-2012-1178
    2021-08-15
    oval:org.opensuse.security:def:36402
    P
    		finch-2.6.6-0.25.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26027
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:27365
    P
    		Xerces-c on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26377
    P
    		Security update for kauth, kdelibs4 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25951
    P
    		Security update for pcsc-lite (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26669
    P
    		apache2-mod_perl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27400
    P
    		finch on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26528
    P
    		bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25952
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26683
    P
    		dbus-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26236
    P
    		Security update for libvpx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26581
    P
    		libadns1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25963
    P
    		Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:26727
    P
    		kdenetwork4-filesharing on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26293
    P
    		Security update for raptor (Important)
    2020-12-01
    oval:org.opensuse.security:def:26630
    P
    		perl-spamassassin on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:17715
    P
    		USN-1500-1 -- pidgin vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:23942
    P
    		ELSA-2012:1102: pidgin security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:20790
    P
    		RHSA-2012:1102: pidgin security update (Moderate)
    2014-02-24
    oval:org.mitre.oval:def:18019
    V
    		The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding
    2013-09-30
    oval:com.redhat.rhsa:def:20121102
    P
    		RHSA-2012:1102: pidgin security update (Moderate)
    2012-07-19
    oval:com.ubuntu.precise:def:20121178000
    V
    		CVE-2012-1178 on Ubuntu 12.04 LTS (precise) - low.
    2012-03-15
    BACK
    pidgin pidgin 2.0.0
    pidgin pidgin 2.0.1
    pidgin pidgin 2.0.2
    pidgin pidgin 2.1.0
    pidgin pidgin 2.1.1
    pidgin pidgin 2.2.0
    pidgin pidgin 2.2.1
    pidgin pidgin 2.2.2
    pidgin pidgin 2.3.0
    pidgin pidgin 2.3.1
    pidgin pidgin 2.4.0
    pidgin pidgin 2.4.1
    pidgin pidgin 2.4.2
    pidgin pidgin 2.4.3
    pidgin pidgin 2.5.0
    pidgin pidgin 2.5.1
    pidgin pidgin 2.5.2
    pidgin pidgin 2.5.3
    pidgin pidgin 2.5.4
    pidgin pidgin 2.5.5
    pidgin pidgin 2.5.6
    pidgin pidgin 2.5.7
    pidgin pidgin 2.5.8
    pidgin pidgin 2.5.9
    pidgin pidgin 2.6.0
    pidgin pidgin 2.6.1
    pidgin pidgin 2.6.2
    pidgin pidgin 2.6.3
    pidgin pidgin 2.6.4
    pidgin pidgin 2.6.5
    pidgin pidgin 2.6.6
    pidgin pidgin 2.7.1
    pidgin pidgin 2.7.2
    pidgin pidgin 2.7.3
    pidgin pidgin 2.7.4
    pidgin pidgin 2.7.5
    pidgin pidgin 2.7.6
    pidgin pidgin 2.7.7
    pidgin pidgin 2.7.8
    pidgin pidgin 2.7.9
    pidgin pidgin 2.7.10
    pidgin pidgin 2.7.11
    pidgin pidgin 2.8.0
    pidgin pidgin 2.9.0
    pidgin pidgin 2.10.0
    pidgin pidgin *
    pidgin pidgin 2.0.2
    pidgin pidgin 2.4.1
    pidgin pidgin 2.4.2
    pidgin pidgin 2.0.0
    pidgin pidgin 2.0.1
    pidgin pidgin 2.1.0
    pidgin pidgin 2.1.1
    pidgin pidgin 2.2.0
    pidgin pidgin 2.2.1
    pidgin pidgin 2.2.2
    pidgin pidgin 2.3.0
    pidgin pidgin 2.3.1
    pidgin pidgin 2.4.0
    pidgin pidgin 2.4.3
    pidgin pidgin 2.5.5
    pidgin pidgin 2.5.6
    pidgin pidgin 2.5.7
    pidgin libpurple 2.5.8
    pidgin pidgin 2.5.8
    pidgin libpurple 2.6.0
    pidgin libpurple 2.6.1
    pidgin libpurple 2.5.2
    pidgin pidgin 2.5.9
    pidgin pidgin 2.6.0
    pidgin pidgin 2.6.1
    pidgin pidgin 2.6.2
    pidgin pidgin 2.6.4
    pidgin libpurple 2.6.4
    pidgin pidgin 2.6.5
    pidgin pidgin 2.6.6
    pidgin pidgin 2.7.0
    pidgin pidgin 2.7.1
    pidgin pidgin 2.7.2
    pidgin pidgin 2.7.3
    pidgin pidgin 2.7.4
    pidgin pidgin 2.7.5
    pidgin pidgin 2.7.6
    pidgin pidgin 2.7.7
    pidgin pidgin 2.7.8
    pidgin pidgin 2.7.9
    pidgin pidgin 2.10.0
    sun solaris 10
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6