Pidgin Security Advisory
| Title | Buffer overflow in Gadu-Gadu HTTP parsing |
|---|---|
| Date | 2014-01-28 |
| CVE Name | CVE-2013-6487 |
| Discovered By | Yves Younan and Ryan Pentney of Sourcefire VRT |
| Description | A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow. |
| Fixed in Revision | ec15aa187aa0 |
| Fixed in Version | 2.10.8 |
| Fix | Enforce a maximum size for Content-Length. |
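
The failure mode and the fix named above, as an added sketch in C. It is not the code from Pidgin or from revision ec15aa187aa0; the function names, the 10 MiB cap and the 32-bit size type used to show the wraparound are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap for this sketch; the advisory does not state the limit chosen. */
#define MAX_BODY_SIZE (10u * 1024u * 1024u)

/* Unchecked pattern: room for the body plus a NUL, in 32-bit arithmetic.
 * A Content-Length of 4294967295 wraps to 0, so the buffer ends up far
 * smaller than the body length the reader still believes in. */
uint32_t unchecked_alloc_size(uint32_t content_length)
{
    return content_length + 1u;
}

/* Hardened pattern: parse the header value strictly and enforce the cap
 * before any size arithmetic. Returns 0 and sets *out, or -1 on rejection. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    while (*value == ' ' || *value == '\t')
        value++;
    if (!isdigit((unsigned char)*value))    /* rejects "", "-1", "+5" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE)                    /* does not fit in 64 bits */
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0' || n > MAX_BODY_SIZE)  /* trailing junk or over the cap */
        return -1;
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    size_t len;
    printf("unchecked size for 4294967295: %u\n", (unsigned)unchecked_alloc_size(UINT32_MAX));
    printf("checked parse of 4294967295: %d\n", parse_content_length("4294967295", &len));
    return 0;
}
```

Because the cap is checked first, a later `len + 1` allocation size cannot wrap.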



