Pidgin Security Advisory
| Title | Sametime crash with long user IDs |
|---|
| Date | 2013-02-13 |
|---|
| CVE Name | CVE-2013-0273 |
|---|
| Discovered By | Coverity static analysis |
|---|
| Description | libpurple failed to null-terminate user IDs that were longer than 4096 bytes. It's plausible that a malicious server could send one of these to us, which would lead to a crash. |
|---|
| Fixed in Revision | c31cf8de31cd |
|---|
| Fixed in Version | 2.10.7 |
|---|
| Fix | Use g_strlcpy() instead of strncpy() to guarrantee that the string is null-terminated. |
|---|
Return to Security Advisory Index
