Pidgin Security Advisory

TitleBuffer overflow in Gadu-Gadu HTTP parsing
CVE NameCVE-2013-6487
Discovered ByYves Younan and Ryan Pentney of Sourcefire VRT
DescriptionA malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow.
Fixed in Revisionec15aa187aa0
Fixed in Version2.10.8
FixEnforce a maximum size for content-length.

Return to Security Advisory Index