Pidgin Security Advisory
| Title | Buffer overflow parsing chunked HTTP responses |
|---|---|
| Date | 2014-01-28 |
| CVE Name | CVE-2013-6485 |
| Discovered By | Matt Jones, Volvent |
| Description | A malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes. |
| Fixed in Revision | c9e5aba2dafd |
| Fixed in Version | 2.10.8 |
| Fix | Enforce a maximum size for chunks. |
