cve-2010-4528-00

Summary: MSN direct connection denial of service
Date: 2010-12-26
CVE Number: CVE-2010-4528
Discovered By: Stu Tomlinson
Fixed In Release: 2.7.9

Description

It was discovered that libpurple 2.7.6 through 2.7.8 did not properly handle “short” packets in MSN direct connection sessions, leading to a crash due to a NULL pointer dereference. Malicious clients or users can exploit this to cause a denial of service (crash).

Mitigation

Ignore short packets.
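
One way to apply this mitigation in a length-prefixed stream parser, as an added example that is not libpurple's code or its actual patch: a frame whose body is smaller than the fixed header is consumed and skipped before any header field is read. The 4-byte little-endian length prefix, 48-byte header, 64 KiB frame cap and all `dc_*` names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed framing for this example (not taken from the advisory):
 * 4-byte little-endian length prefix, then a fixed-size header. */
#define LEN_PREFIX 4u
#define HDR_SIZE   48u
#define MAX_FRAME  (64u * 1024u)

typedef struct { const uint8_t *header, *payload; size_t payload_len; } dc_packet;
typedef enum { DC_NEED_MORE, DC_IGNORED, DC_OK, DC_ERROR } dc_result;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse one frame at the start of buf. *consumed is the number of bytes to
 * drop from the receive buffer; *out is populated only on DC_OK. */
dc_result dc_parse_frame(const uint8_t *buf, size_t len,
                         dc_packet *out, size_t *consumed) {
    *consumed = 0;
    memset(out, 0, sizeof *out);
    if (len < LEN_PREFIX) return DC_NEED_MORE;
    uint32_t body = read_le32(buf);
    if (body > MAX_FRAME) return DC_ERROR;            /* refuse oversized claims */
    if (len - LEN_PREFIX < body) return DC_NEED_MORE; /* frame not complete yet */
    *consumed = LEN_PREFIX + body;
    if (body < HDR_SIZE) return DC_IGNORED;  /* short packet: skip, build nothing */
    out->header = buf + LEN_PREFIX;
    out->payload = out->header + HDR_SIZE;
    out->payload_len = body - HDR_SIZE;
    return DC_OK;
}

/* Drain a receive buffer; returns delivered frames, counts ignored ones. */
size_t dc_drain(const uint8_t *buf, size_t len, size_t *ignored) {
    size_t delivered = 0, used;
    dc_packet pkt;
    *ignored = 0;
    for (;;) {
        dc_result r = dc_parse_frame(buf, len, &pkt, &used);
        if (r == DC_NEED_MORE || r == DC_ERROR) break;
        if (r == DC_OK) delivered++; else (*ignored)++;
        buf += used; len -= used;   /* always advances by at least LEN_PREFIX */
    }
    return delivered;
}
```

Because a short frame is still consumed, the stream stays in sync and later well-formed frames are processed normally; counting ignored frames gives a simple signal to log or rate-limit on.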
