| Summary | NULL pointer dereference parsing OIM data in MSN |
|---|---|
| Date | 2014-01-28 |
| CVE Number | CVE-2013-6482 |
| Discovered By | Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen |
| Fixed In Release | 2.10.8 |
A malicious server or man-in-the-middle could send us a specially-crafted XML response that results in a NULL pointer dereference.
Check for NULL before calling atoi().