Описание
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:2.10.1-1ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 1:2.6.6-1ubuntu4.5 |
| maverick | ignored | end of life |
| natty | not-affected | 1:2.7.11-1ubuntu2.1 |
| oneiric | not-affected | 1:2.10.0-0ubuntu2 |
| precise | not-affected | 1:2.10.1-1ubuntu1 |
| upstream | released | 2.7.10-1 |
Показывать по
2.1 Low
CVSS2
Связанные уязвимости
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retain ...
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
ELSA-2011-0616: pidgin security and bug fix update (LOW)
2.1 Low
CVSS2