13 lines
No EOL
848 B
Text
13 lines
No EOL
848 B
Text
source: https://www.securityfocus.com/bid/33414/info
|
|
|
|
Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.
|
|
|
|
Successful exploits will cause the affected application to crash, effectively denying service to legitimate users.
|
|
|
|
Pidgin 2.4.1 is vulnerable; other versions may also be affected.
|
|
|
|
NOTE: This issue was previously thought to be a subset of the vulnerability documented in BID 29956 (Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities), but has been given its own record to properly document the vulnerability.
|
|
|
|
Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application.
|
|
|
|
'26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85' |