Remote crash in ICQ

Mark Doliner mark at kingant.net
Sun Jun 28 19:16:15 EDT 2009


On Sun, Jun 28, 2009 at 4:48 AM, Josh Bressers <bressers at redhat.com> wrote:
>
> ----- "John Bailey" <rekkanoryo at rekkanoryo.org> wrote:
>
>> Warren Togami wrote:
>> > Do we need a CVE number for this?
>>
>> I leave this as an exercise for everyone else to determine.
>>
>
> Is this just a crash? My understanding is that we end up with a huge malloc,
> which fails or causes the OOM to kick in?
>
> A crash like this can go both ways. If the default ICQ setting is to let any
> user message you, it's probably an issue, but if it's only people on your
> buddy list, not so much.

I believe it is a remotely triggerable crash.  I believe the default
ICQ setting is to let any user send web messages to you.  I think it
should probably have a CVE number.

Thanks,
Mark


