cve-2014-3698-00

Summary Potential information leak from XMPP
Date 2014-10-22
CVE Number CVE-2014-3698
Discovered By Thijs Alkemade and Paul Aurich
Fixed In Release 2.10.10

Description

A malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory.

Mitigation

Correctly determine the start and end position of buffers when performing stringprep.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site