Summary Remotely triggerable crash in IRC argument parsing
Date 2014-01-28
CVE Number CVE-2014-0020
Discovered By Daniel Atallah
Fixed In Release 2.10.8


A malicious server or man-in-the-middle could trigger a crash in libpurple by sending a message with fewer than expected arguments.


Verify that incoming messages contain the appropriate number of arguments before handling them.

Looking to reach us via XMPP? Check out the new PidginChat service!