cve-2011-4601-00

Summary AIM and ICQ remote crash
Date 2011-10-20
CVE Number CVE-2011-4601
Discovered By Evgeny Boger
Fixed In Release 2.10.1

Description

When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash.

Mitigation

Validate incoming strings as UTF-8 before using them as such.

Looking to reach us via XMPP? Check out the new PidginChat service!