cve-2010-0420-00

Summary Finch XMPP MUC crash
Date 2021-02-14
CVE Number CVE-2010-0420
Discovered By Sadrul Habib Chowdhury
Fixed In Release 2.6.6

Description

If a user in a multi-user chat room has a nickname containing ‘ ’ then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution.

Mitigation

Correctly parse ‘ ’ so that it appears literally rather than as ' ‘.

Looking to reach us via XMPP? Check out the new PidginChat service!