Vulnerability Description
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pidgin | Pidgin | <= 2.7.9 |
Related Weaknesses (CWE)
References
- http://hg.pidgin.im/pidgin/main/rev/8c850977cb42 (Exploit, Patch)
- http://openwall.com/lists/oss-security/2012/01/04/13
- http://www.pidgin.im/news/security/?id=50 (Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2011-4922?
CVE-2011-4922 is a vulnerability with a CVSS score of 2.1 (LOW). cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
How severe is CVE-2011-4922?
CVE-2011-4922 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-4922?
Check the references section above for vendor advisories and patch information. Affected products include: Pidgin Pidgin.