CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains
encryption-key data in process memory, which might allow local users to
obtain sensitive information by reading a core file or other representation
of memory contents.
It was discovered that libpurple versions prior to 2.7.10 do not properly
clear certain data structures used in libpurple/cipher.c prior to freeing. An
attacker could potentially extract partial information from memory regions
freed by libpurple.