Summary QQ remote DoS
Date 2009-05-03
CVE Number CVE-2009-1374
Discovered By Ka-Hing Cheung
Fixed In Release 2.5.6


decrypt_out() always writes 8 bytes past the supplied buffer, which is always allocated on the stack. We don’t believe this can cause anything outside of a crash.


decrypt_out() is fixed to not write past the end of the buffer.

Looking to reach us via XMPP? Check out the new PidginChat service!