| Summary | QQ remote DoS | 
|---|---|
| Date | 2009-05-03 | 
| CVE Number | CVE-2009-1374 | 
| Discovered By | Ka-Hing Cheung | 
| Fixed In Release | 2.5.6 | 
decrypt_out() always writes 8 bytes past the supplied buffer, which is always
                    allocated on the stack. We don’t believe this can cause anything outside of a
                    crash.
decrypt_out() is fixed to not write past the end of the buffer.