Pidgin Security Advisory

TitleBuffer overflow parsing chunked HTTP responses
CVE NameCVE-2013-6485
Discovered ByMatt Jones, Volvent
DescriptionA malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes.
Fixed in Revisionc9e5aba2dafd
Fixed in Version2.10.8
FixEnforce a maximum size for chunks.

Return to Security Advisory Index