Potential security issue: Yahoo authorisation requests with invalid encoding

Robert Vehse robertvehse at fastmail.fm
Mon Sep 24 06:21:32 EDT 2012


Hey folks,

at Adium, we received a bug report about a crash with Yahoo. It looks like it could be a security issue in libpurple.

Quoting "xnyhps":
13:38:18 Thijs Alkemade: Looks like http://trac.adium.im/ticket/16164 could be a security issue
13:39:31 Thijs Alkemade: It crashes on an auth request that contains something that is not valid UTF8, and libpurple doesn't salvage it properly
13:40:42 Thijs Alkemade: So it's possible anyone could send such an auth request to someone using Adium with Yahoo, and cause a crash

Cheers,
Robbie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20120924/aa4b9840/attachment.html>


More information about the security mailing list