Potential security issue: Yahoo authorisation requests with invalid encoding
Robert Vehse
robertvehse at fastmail.fm
Mon Sep 24 06:21:32 EDT 2012
Hey folks,
at Adium, we received a bug report about a crash with Yahoo. It looks like it could be a security issue in libpurple.
Quoting "xnyhps":
13:38:18 Thijs Alkemade: Looks like http://trac.adium.im/ticket/16164 could be a security issue
13:39:31 Thijs Alkemade: It crashes on an auth request that contains something that is not valid UTF8, and libpurple doesn't salvage it properly
13:40:42 Thijs Alkemade: So it's possible anyone could send such an auth request to someone using Adium with Yahoo, and cause a crash
Cheers,
Robbie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20120924/aa4b9840/attachment.html>
More information about the security
mailing list