Pidgin Security Advisory
| Title | MXit buffer overflow reading data from network |
|---|
| Date | 2013-02-13 |
|---|
| CVE Name | CVE-2013-0272 |
|---|
| Discovered By | Daniel Atallah |
|---|
| Description | The code did not respect the size of the buffer when parsing HTTP headers, and a malicious server or man-in-the-middle could send specially crafted data that could overflow the buffer. This could lead to a crash or remote code execution. |
|---|
| Fixed in Revision | 879db2a9a59c |
|---|
| Fixed in Version | 2.10.7 |
|---|
| Fix | Check buffer bounds when reading and parsing incoming HTTP data. |
|---|
Return to Security Advisory Index
