Pidgin Security Advisory

Title: Sametime crash with long user IDs
Date: 2013-02-13
CVE Name: CVE-2013-0273
Discovered By: Coverity static analysis
Description: libpurple failed to null-terminate user IDs that were longer than 4096 bytes. It's plausible that a malicious server could send one of these to us, which would lead to a crash.
Fixed in Revision: c31cf8de31cd
Fixed in Version: 2.10.7
Fix: Use g_strlcpy() instead of strncpy() to guarantee that the string is null-terminated.
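
The difference between the two calls, as an added example that is not Pidgin's code: strncpy() writes no terminator when the source fills the destination, while a copy with g_strlcpy() semantics always does. The 4096-byte buffer size is assumed from the advisory's figure, and bounded_copy() is a hypothetical stand-in for g_strlcpy() so the example builds without GLib.

```c
#include <stdio.h>
#include <string.h>

#define ID_BUF 4096 /* assumed buffer size, from the advisory's 4096 bytes */

/* Hypothetical stand-in with g_strlcpy() semantics: copies at most
 * size-1 bytes, always terminates, returns strlen(src). */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Constructed user ID of id_len 'A' bytes; id_len must be < 2*ID_BUF. */
static const char *make_id(size_t id_len)
{
    static char src[2 * ID_BUF];
    memset(src, 'A', id_len);
    src[id_len] = '\0';
    return src;
}

/* Returns 1 if strncpy() left a NUL inside the destination, else 0. */
int strncpy_terminates(size_t id_len)
{
    char dst[ID_BUF];
    memset(dst, 'x', sizeof dst); /* simulate stale, non-zero memory */
    strncpy(dst, make_id(id_len), sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Same check for the bounded copy; *truncated is set if the ID did not fit. */
int bounded_copy_terminates(size_t id_len, int *truncated)
{
    char dst[ID_BUF];
    memset(dst, 'x', sizeof dst);
    *truncated = bounded_copy(dst, make_id(id_len), sizeof dst) >= sizeof dst;
    return memchr(dst, '\0', sizeof dst) != NULL;
}

int main(void)
{
    int t, ok = bounded_copy_terminates(5000, &t);
    printf("strncpy: %d, bounded: %d (truncated=%d)\n", strncpy_terminates(5000), ok, t);
    return 0;
}
```

The return value of the bounded copy also lets the caller detect truncation and reject the oversized ID instead of silently shortening it.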
