|Summary||Remote UPnP discovery DoS|
|Discovered By||Andrew Hunt and Christian Grothoff|
|Fixed In Release||2.5.0|
The UPnP functionality in libpurple allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
UPnP related downloads are limited to 128kB.