| Summary | Buffer overflow in Gadu-Gadu HTTP parsing |
|---|---|
| Date | 2014-01-28 |
| CVE Number | CVE-2013-6487 |
| Discovered By | Yves Younan and Ryan Pentney of Sourcefire VRT |
| Fixed In Release | 2.10.8 |

A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow, which could lead to a buffer overflow.

The fix enforces a maximum size for Content-Length.
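
The following is an added example, not code from Pidgin or libgadu: it shows how a size computed from an unchecked Content-Length can wrap, beside a parser that enforces a maximum before any arithmetic. The function names and the 1 MiB `MAX_BODY_LEN` cap are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap for this example; the advisory does not give the real limit. */
#define MAX_BODY_LEN (1024u * 1024u)

/* Unchecked pattern: 32-bit size = header value + 1 for a terminator.
 * A header value of 4294967295 wraps the result to 0. */
static uint32_t unchecked_alloc_size(uint32_t content_length)
{
    return content_length + 1u;
}

/* Hardened: strict decimal parse, then enforce the maximum before any
 * arithmetic. Returns 0 and sets *out on success, -1 on rejection. */
static int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    if (value == NULL || *value < '0' || *value > '9')
        return -1;                  /* empty, signed or padded values */
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > MAX_BODY_LEN)
        return -1;                  /* out of range, trailing junk, too large */
    *out = (size_t)n;
    return 0;
}

/* Allocates a zeroed body buffer, or returns NULL if the header is rejected. */
static char *alloc_body(const char *value, size_t *len)
{
    if (parse_content_length(value, len) != 0)
        return NULL;
    return calloc(*len + 1, 1);     /* cannot wrap: *len <= MAX_BODY_LEN */
}

int main(void)
{
    size_t len = 0;
    char *body = alloc_body("4294967295", &len);   /* constructed header value */
    printf("unchecked size: %u, hardened: %s\n",
           (unsigned)unchecked_alloc_size(UINT32_MAX), body ? "accepted" : "rejected");
    free(body);
    return 0;
}
```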