XMMP/Jabber clients DoS vulnerability report
Ethan Blanton
elb at pidgin.im
Mon Jan 25 13:37:04 EST 2010
at 2010-01-23T13:07+0000, Andrea Barisani wrote:
> oCERT recently received a report about a DoS condition in Pidgin and Psi,
> other XMMP clients might be affected (libpurple and libiris ones most
> likely).
>
> The sample message attached to this email causes, according to the reporter,
> 100% CPU load, the message can be sent by non-buddies as just the target jid
> is sufficient.
>
> Can you confirm the issue?
We are looking into this problem, and will have a reply for you shortly.
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100125/366c091a/attachment.pgp>
More information about the security
mailing list