cve-2013-6485-00

Summary Buffer overflow parsing chunked HTTP responses
Date 2014-01-28
CVE Number CVE-2013-6485
Discovered By Matt Jones, Volvent
Fixed In Release 2.10.8

Description

A malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes.

Mitigation

Enforce a maximum size for chunks.

Looking to reach us via XMPP? Check out the new PidginChat service!