VDB
CVE-2011-3594
CVE-2011-3594
PUBLISHED
CVSS 8.699999809265137 HIGH
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
EPSS 0.96% · 76.8th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.96%
76.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| pidgin | libpurple | 0, 1.0, 2.0.0 |
| pidgin | pidgin |
Exploit Intelligence
- oval:org.mitre.oval:def:18034 (circl)
- http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=743481 (circl)
- MDVSA-2011:183 (circl)
- 46376 (circl)
- http://developer.pidgin.im/ticket/14636 (circl)
- RHSA-2011:1371 (circl)
- http://pidgin.im/news/security/?id=56 (circl)
Timeline
- Nov 4, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- oval:org.mitre.oval:def:18034 vdb
- http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8 url
- https://bugzilla.redhat.com/show_bug.cgi?id=743481 url
- MDVSA-2011:183 vendor-advisory
- 46376 third-party-advisory
- http://developer.pidgin.im/ticket/14636 url
- RHSA-2011:1371 vendor-advisory
- http://pidgin.im/news/security/?id=56 url
- https://nvd.nist.gov/vuln/detail/CVE-2011-3594 advisory