| Summary | Remote crash parsing malformed Groupwise message |
|---|---|
| Date | 2014-10-22 |
| CVE Number | CVE-2014-3696 |
| Discovered By | Yves Younan and Richard Johnson of Cisco Talos |
| Fixed In Release | 2.10.10 |
A malicious server or man-in-the-middle could trigger a crash in libpurple by specifying that a large amount of memory should be allocated in many places in the UI.
Impose a maximum length when reading various types of messages.