| Summary | Multiple remotely-triggered denials of service |
|---|---|
| Date | 2010-10-20 |
| CVE Number | CVE-2010-3711 |
| Discovered By | Daniel Atallah |
| Fixed In Release | 2.7.4 |
It has been discovered that eight denial of service conditions exist in
libpurple all due to insufficient validation of the return value from
purple_base64_decode(). Invalid or malformed data received in place of a valid
base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP
protocol plugins and the NTLM authentication support trigger a crash. These
vulnerabilities can be leveraged by a remote user for denial of service.
Check the return value from purple_base64_decode() before trying to use it.