Pidgin uaf when cancelling file select dialog after accepting DCC SEND
joseph.bisch at gmail.com
Wed Sep 20 22:25:10 EDT 2017
Sorry, yes. That's what I mean.
On Wed, Sep 20, 2017 at 10:20 PM, Eion Robb <eion at robbmob.com> wrote:
> Sorry, just to check, UAF meaning "use after free"?
> On 21 September 2017 at 14:05, Joseph Bisch <joseph.bisch at gmail.com> wrote:
>> Here is the reproducer:
>> echo $':c PRIVMSG a :\x01DCC SEND a a a a\x01\r\n' | nc -l -p 6667
>> Then you must accept the dcc send and cancel out of the file select
>> dialog. If you either click save on the file select dialog or you do
>> not accept the dcc send, then the uaf does not happen.
>> security mailing list
>> security at pidgin.im
More information about the security