Pidgin Security Advisory
| Title | QQ remote DoS |
|---|---|
| Date | 2009-05-03 |
| CVE Name | CVE-2009-1374 |
| Discovered By | Ka-Hing Cheung |
| Summary | Possible remote denial of service when receiving a QQ packet |
| Description | decrypt_out() always writes 8 bytes past the supplied buffer, which is always allocated on the stack. We don't believe this can cause anything outside of a crash. |
| Fixed in Version | 2.5.6 |
| Fix | decrypt_out() is fixed to not write past the end of the buffer. |
