CVE-2008-1227: Buffer Overflow
First published: Fri Nov 09 2007(Updated: )
Description of problem: pidgin crashes on login to a silc account. I tried setting it up fresh, and from old setup. Both caused the crash. Version-Release number of selected component (if applicable): pidgin-2.2.2-1.fc8.x86_64 How reproducible: Everytime Steps to Reproduce: 1. Install pidgin 2. Run pidgin 3. Setup silc account Actual results: Crash Expected results: Runs normally Additional info: If run from a terminal window it mentions a buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/1.0.2 | <5. | 5. |
| Silc Toolkit | <=1.1.5 | |
| Silc Toolkit | =1.1 | |
| Silc Toolkit | =1.1.1 | |
| Silc Toolkit | =1.1.2 | |
| Silc Toolkit | =1.1.3 | |
| Silc Toolkit | =1.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=372021
- http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6
- http://www.securityfocus.com/bid/28101
- http://secunia.com/advisories/29174
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
- http://secunia.com/advisories/29323
- http://security.gentoo.org/glsa/glsa-200804-27.xml
- http://secunia.com/advisories/29946
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:158
- http://www.vupen.com/english/advisories/2008/0769
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41012
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=290915
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=290915&action=edit
- http://koji.fedoraproject.org/scratch/nosnilmot/task_328484/
- http://admin.fedoraproject.org/F8/FEDORA-2008-1041
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=372021#c11
Frequently Asked Questions
What is the severity of CVE-2008-1227?
CVE-2008-1227 has a moderate severity rating due to the potential for the application to crash upon connecting to a silc account.
How do I fix CVE-2008-1227?
To resolve CVE-2008-1227, update to a patched version of the Pidgin software or the Silc Toolkit.
Which versions of Pidgin are affected by CVE-2008-1227?
CVE-2008-1227 affects Pidgin version 2.2.2 and likely earlier versions.
What software does CVE-2008-1227 impact?
CVE-2008-1227 impacts both Pidgin and multiple versions of the Silc Toolkit.
Is there a workaround for CVE-2008-1227?
Currently, there is no known workaround for CVE-2008-1227 aside from updating the affected software.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-1227
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- package-manager/redhat
- vendor/silc
- canonical/silc toolkit
- version/silc toolkit/1.1.5
- version/silc toolkit/1.1
- version/silc toolkit/1.1.1
- version/silc toolkit/1.1.2
- version/silc toolkit/1.1.3
- version/silc toolkit/1.1.4