Pidgin Security Advisory

TitleRemotely triggerable crash in IRC argument parsing
Date2014-01-28
CVE NameCVE-2014-0020
Discovered ByDaniel Atallah
DescriptionA malicious server or man-in-the-middle could trigger a crash in libpurple by sending a message with fewer than expected arguments.
Fixed in Revisiona167504359e5
9f132a6855cd
5845d9fa7084
6b0e0566af20
4d9be297d399
7d0fb0c6d8d4
Fixed in Version2.10.8
FixVerify that incoming messages contain the appropriate number of arguments before handling them.

Return to Security Advisory Index