cve-2011-2943-00

Summary: Remote crash in IRC protocol plugin
Date: 2011-08-20
CVE Number: CVE-2011-2943
Discovered By: Djego Ibanez, Lead QA at Gamistry
Fixed In: Release 2.10.0

Description

Certain characters in the nicknames of IRC users can trigger a null pointer dereference in the IRC protocol plugin’s handling of responses to WHO requests. This can cause a crash on some operating systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected.

Mitigation

Change libpurple to validate the data it receives from the server before attempting to use it.
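
The mitigation above, sketched as an added example (not libpurple's code and not the actual fix): a handler for WHO reply parameters that checks the field count and the result of a nickname lookup before using either. The `roster` table, the function names and the sample line are constructed for illustration; the field layout follows the RPL_WHOREPLY (352) format from RFC 1459.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a channel member list; not libpurple's structures. */
struct member { const char *nick; int away; };
static struct member roster[] = { { "alice", 0 }, { "bob", 0 } };

/* The lookup can fail: NULL means the server named a nick we do not track. */
static struct member *roster_find(const char *nick)
{
    for (size_t i = 0; i < sizeof roster / sizeof roster[0]; i++)
        if (strcmp(roster[i].nick, nick) == 0)
            return &roster[i];
    return NULL;
}

/* Split IRC parameters in place; one starting with ':' runs to end of line. */
static size_t split_params(char *s, char **out, size_t max)
{
    size_t n = 0;
    while (n < max) {
        while (*s == ' ') s++;
        if (*s == '\0') break;
        if (*s == ':') { out[n++] = s + 1; break; }
        out[n++] = s;
        s += strcspn(s, " ");
        if (*s != '\0') *s++ = '\0';
    }
    return n;
}

/* params: <me> <channel> <user> <host> <server> <nick> <flags> :<hops> <name> */
int handle_who_reply(char *params)
{
    char *args[8];
    size_t n = split_params(params, args, 8);
    if (n < 7 || args[5][0] == '\0' || args[6][0] == '\0')
        return -1;                      /* rejected: short reply or empty field */
    struct member *m = roster_find(args[5]);
    if (m == NULL)
        return -1;                      /* rejected: unknown nick, no dereference */
    m->away = (args[6][0] == 'G');      /* 'G' = gone, 'H' = here */
    return 0;
}

int main(void)
{
    char line[] = "me #chan u host irc.example.net bob G :0 Bob"; /* constructed */
    return handle_who_reply(line);
}
```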
