potential security vulnerabilities
Ethan Blanton
elb at pidgin.im
Thu Jun 28 07:37:29 EDT 2018
Benjamin Bowman wrote:
> The glaring assumption here is that these functions are parsing untrusted
> data. If, as I think you touched on in your last email, these functions
> are not dealing with any user taintable data, then these are likely not a
> problem. If this is indeed the case, then I will mark these as false
> positives and work on refining my methods.
For my own part, I consider the server untrusted, as well. We should
fix this, and CVE it, in my opinion. However, as the AIM servers are
dead, it is of limited (but historical) interest.
Ethan