Pidgin Security Advisory

Title: MSN direct connection denial of service
Date: 2010-12-26
CVE Name: CVE-2010-4528
Discovered By: Stu Tomlinson
Summary: Remotely-triggered denial of service in MSN
Description: It was discovered that libpurple 2.7.6 through 2.7.8 did not properly handle "short" packets in MSN direct connection sessions, leading to a crash due to a NULL pointer dereference. Malicious clients or users can exploit this to cause a denial of service (crash).
Fixed in Revision: 26fc2e71129a
Fixed in Version: 2.7.9
Fix: Ignore short packets.
