Denial of Service Vulnerabilities
Mark Doliner
mark at kingant.net
Wed Jan 22 04:15:13 EST 2014
Hi again. Embargo date is set:
Tuesday 2013-01-28 at 07:00 PST, 10:00 EST, 15:00 UTC.
We have two CVEs for the bugs you found:
CVE-2013-6482
Used for three similar but different issues:
- NULL pointer dereference parsing headers in MSN
- NULL pointer dereference parsing OIM data in MSN
- NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6483
- XMPP doesn't verify 'from' on some iq replies
More information about the security
mailing list