cve-2013-6481-00

Summary Remote crash reading Yahoo! P2P message
Date 2014-01-28
CVE Number CVE-2013-6481
Discovered By Daniel Atallah
Fixed In Release 2.10.8

Description

The Yahoo! protocol plugin failed to validate a length field before trying to read from a buffer, which could result in reading past the end of the buffer which could cause a crash.

Mitigation

Check that the length is within range.

Looking to reach us via XMPP? Check out the new PidginChat service!