cve-2012-6152-00

Summary: Yahoo! remote crash from incorrect character encoding
Date: 2012-01-28
CVE Number: CVE-2012-6152
Discovered By: Thijs Alkemade and Robert Vehse
Fixed In Release: 2.10.8

Description

Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren’t UTF-8.

Mitigation

Depending on the context, either validate that a string is UTF-8 or transcode the string from the appropriate encoding to UTF-8.
