Pidgin Security Advisory

Title: MSN Remote "Nudge" DoS
Date: 2007-09-27
CVE Name: CVE-2007-4996
Discovered By: Evan Schoenberg
Summary: MSN nudges sent from unknown buddies can cause libpurple 2.2.0 to crash
Description: A remote MSN user who is not on the buddy list can cause a denial of service (crash) by sending a nudge message. The protocol plugin attempts to look up the buddy's information and accesses an invalid memory location if the user is not on the buddy list. This only affects libpurple version 2.2.0; older versions are not affected.
Fixed in Version: 2.2.1
Fix: The nudge functionality in the MSN protocol has been rewritten to avoid an unnecessary lookup of buddy information.
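
The crash pattern and the shape of the fix described above, as an added example that is not libpurple's code. The struct, the lookup function and both handlers are hypothetical, the buddy list is constructed, and the invalid memory location is modelled as a NULL lookup result.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical buddy-list entry; not libpurple's real structure. */
struct buddy { const char *passport; const char *alias; };

/* Constructed sample buddy list. */
static const struct buddy buddy_list[] = {
    { "alice@example.com", "Alice" },
    { "bob@example.com",   "Bob"   },
};

/* Returns the entry for passport, or NULL when the sender is not a buddy
 * (assumption: the advisory's "invalid memory location" modelled as NULL). */
static const struct buddy *find_buddy(const char *passport)
{
    for (size_t i = 0; i < sizeof buddy_list / sizeof buddy_list[0]; i++)
        if (strcmp(buddy_list[i].passport, passport) == 0)
            return &buddy_list[i];
    return NULL;
}

/* Pattern the advisory describes: the lookup result is used unchecked, so
 * this is only safe when the sender is on the buddy list. */
static int nudge_unchecked(const char *sender, char *out, size_t outlen)
{
    const struct buddy *b = find_buddy(sender);
    snprintf(out, outlen, "%s has nudged you!", b->alias); /* b may be NULL */
    return 0;
}

/* Shape of the fix: no buddy lookup; use the sender name from the message. */
static int nudge_no_lookup(const char *sender, char *out, size_t outlen)
{
    if (sender == NULL || out == NULL || outlen == 0)
        return -1;
    int n = snprintf(out, outlen, "%s has nudged you!", sender);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char msg[96];
    if (nudge_unchecked("alice@example.com", msg, sizeof msg) == 0)
        puts(msg);                       /* known buddy: lookup succeeds */
    if (nudge_no_lookup("stranger@example.net", msg, sizeof msg) == 0)
        puts(msg);                       /* unknown sender: still handled */
    return 0;
}
```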
