Summary QQ remote DoS
Date 2009-05-03
CVE Number CVE-2009-1374
Discovered By Ka-Hing Cheung
Fixed In Release 2.5.6


decrypt_out() always writes 8 bytes past the supplied buffer, which is always allocated on the stack. We don’t believe this can cause anything outside of a crash.


decrypt_out() is fixed to not write past the end of the buffer.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site