Denial of Service Vulnerabilities

[Mark Doliner]

Hi again. Embargo date is set:
Tuesday 2013-01-28 at 07:00 PST, 10:00 EST, 15:00 UTC.

We have two CVEs for the bugs you found:
CVE-2013-6482
Used for three similar but different issues:
- NULL pointer dereference parsing headers in MSN
- NULL pointer dereference parsing OIM data in MSN
- NULL pointer dereference parsing SOAP data in MSN

CVE-2013-6483
- XMPP doesn't verify 'from' on some iq replies