Description
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 6 | |||
| pidgin-0:2.7.9-3.el6 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2011:0616 | 2011-05-19T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2011-4833 | cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. |
 Ubuntu USN |
USN-1500-1 | Pidgin vulnerabilities |
References
History
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-07T00:23:38.650Z
Reserved: 2011-12-23T00:00:00.000Z
Link: CVE-2011-4922
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2012-08-08T10:26:18.127
Modified: 2025-04-11T00:51:21.963
Link: CVE-2011-4922
Redhat
OpenCVE Enrichment
No data.
Weaknesses