CVE-2011-4922 Information

Description

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.

Reference

http://hg.pidgin.im/pidgin/main/rev/8c850977cb42 http://openwall.com/lists/oss-security/2012/01/04/13 http://www.pidgin.im/news/security/?id=50 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A18223