cve-2014-0020-00

Summary Remotely triggerable crash in IRC argument parsing
Date 2014-01-28
CVE Number CVE-2014-0020
Discovered By Daniel Atallah
Fixed In Release 2.10.8

Description

A malicious server or man-in-the-middle could trigger a crash in libpurple by sending a message with fewer than expected arguments.

Mitigation

Verify that incoming messages contain the appropriate number of arguments before handling them.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site