cve-2006-4996-00

Summary MSN Remote "Nudge" DoS
Date 2007-09-27
CVE Number CVE-2007-4996
Discovered By Evan Schoenberg
Fixed In Release 2.2.1

Description

A remote MSN user that is not on the buddy list can cause a denial of service (crash) by sending a nudge message. The protocol plugin attempts to look up the buddy’s information and accesses an invalid memory location if the user is not on the buddy list. This only affects libpurple version 2.2.0, older versions are not affected.

Mitigation

The nudge functionality in the MSN protocol has been rewritten to avoid an unnecessary lookup of buddy information.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site