| Summary | Finch XMPP MUC crash |
|---|---|
| Date | 2010-02-18 |
| CVE Number | CVE-2010-0420 |
| Discovered By | Sadrul Habib Chowdhury |
| Fixed In Release | 2.6.6 |
If a user in a multi-user chat room has a nickname containing ‘ ’ then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution.
Correctly parse ‘ ’ so that it appears literally rather than as ' ‘.