CVE-2011-3594 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-3594 PUBLISHED CVSS 8.699999809265137 HIGH

The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.

EPSS 0.96% · 76.3th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.96%

76.3th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
pidgin	libpurple	0, 1.0, 2.0.0
pidgin	pidgin

Timeline

Nov 4, 2011 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

oval:org.mitre.oval:def:18034 vdb
http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8 url
https://bugzilla.redhat.com/show_bug.cgi?id=743481 url
MDVSA-2011:183 vendor-advisory
46376 third-party-advisory
http://developer.pidgin.im/ticket/14636 url
RHSA-2011:1371 vendor-advisory
http://pidgin.im/news/security/?id=56 url
https://nvd.nist.gov/vuln/detail/CVE-2011-3594 advisory

Open in Interactive Console →