Pidgin uaf when cancelling file select dialog after accepting DCC SEND

Eion Robb eion at robbmob.com
Wed Sep 20 22:20:19 EDT 2017


Sorry, just to check, UAF meaning "use after free"?

On 21 September 2017 at 14:05, Joseph Bisch <joseph.bisch at gmail.com> wrote:

> Hi,
>
> Here is the reproducer:
>
> echo $':c PRIVMSG a :\x01DCC SEND a a a a\x01\r\n' | nc -l -p 6667
>
> Then you must accept the dcc send and cancel out of the file select
> dialog. If you either click save on the file select dialog or you do
> not accept the dcc send, then the uaf does not happen.
>
> Joseph