cve-2013-6487-00

Summary: Buffer overflow in Gadu-Gadu HTTP parsing
Date: 2014-01-28
CVE Number: CVE-2013-6487
Discovered By: Yves Younan and Ryan Pentney of Sourcefire VRT
Fixed In: Release 2.10.8

Description

A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow.

Mitigation

Enforce a maximum size for Content-Length.
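The following is an added example, not code from Pidgin or its Gadu-Gadu plugin: a Content-Length parser that applies the mitigation before any size arithmetic or allocation. The cap value, the function names and the `length + 1` allocation pattern are assumptions chosen to illustrate the class of bug; the advisory does not give these details.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed cap for this example; the advisory does not state the limit used in 2.10.8. */
#define MAX_CONTENT_LENGTH (1024u * 1024u)

/* The arithmetic that goes wrong (assumed pattern): a 32-bit size computed as
 * length + 1 wraps to 0 for UINT32_MAX, so the buffer is far smaller than the body. */
uint32_t unchecked_alloc_size(uint32_t content_length)
{
    return content_length + 1u;
}

/* Parse an already-trimmed Content-Length value.
 * Returns 0 and stores the length on success; -1 if the value is not a plain
 * decimal number, does not fit the integer type, or exceeds the cap. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    if (value == NULL || *value < '0' || *value > '9')
        return -1;                      /* rejects "", "-1", "+5", leading spaces */
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                      /* overflowed the type or trailing junk */
    if (n > MAX_CONTENT_LENGTH)
        return -1;                      /* the mitigation: enforce a maximum size */
    *out = (size_t)n;
    return 0;
}

/* Allocate the body buffer only after the cap check, so *len + 1 cannot wrap. */
char *alloc_body(const char *header_value, size_t *len)
{
    char *buf;

    if (parse_content_length(header_value, len) != 0)
        return NULL;
    buf = malloc(*len + 1);
    if (buf != NULL)
        buf[*len] = '\0';
    return buf;
}
```

The caller must still read no more than the validated length from the socket, whatever the peer actually sends.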
