| Summary | Potential information leak from XMPP |
|---|---|
| Date | 2014-10-22 |
| CVE Number | CVE-2014-3698 |
| Discovered By | Thijs Alkemade and Paul Aurich |
| Fixed In Release | 2.10.10 |
A malicious server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory.
Correctly determine the start and end position of buffers when performing stringprep.