Opened 8 years ago

#12989 new defect

two potential buffer overflows in zephyr

Reported by: underground-stockholm
Owned by: seanegan
Milestone:
Component: Zephyr
Version: 2.7.7
Keywords: crash buffer-overflow



I think I have found two potential buffer overflows in Pidgin, where it will write outside of allocated memory in certain cases.

Function zephyr_login() in libpurple/protocols/zephyr/zephyr.c (from Monotone):
tempstr = g_malloc0(20000);
gchar* username = g_malloc0(100);

In both cases, there are no checks that the data copied will fit in tempstr and username.

I have no idea if this is exploitable for code execution or just a crash.

-- Frank | Underground Stockholm
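
Added example, not part of the original ticket and not Pidgin's code: one way to make copies into fixed-size buffers like the two above fail safely, by tracking capacity and refusing input that does not fit. Only the sizes 20000 and 100 come from the ticket; `bounded_buf`, `bb_init`, `bb_append` and `copy_username` are hypothetical names, and plain `calloc` stands in for `g_malloc0` so the code builds without GLib.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sizes from the ticket; all names below are hypothetical. */
#define TEMPSTR_SIZE  20000
#define USERNAME_SIZE 100

/* Fixed-capacity string buffer that tracks how much is in use. */
struct bounded_buf { char *data; size_t cap, len; };

/* Zero-filled allocation, the role g_malloc0() plays in the ticket. */
static int bb_init(struct bounded_buf *b, size_t cap)
{
    b->data = calloc(cap, 1);
    b->cap = cap; b->len = 0;
    return b->data ? 0 : -1;
}

/* Append n bytes; refuse, leaving the buffer unchanged, if they do not fit. */
static int bb_append(struct bounded_buf *b, const char *src, size_t n)
{
    if (n >= b->cap - b->len)   /* one byte stays reserved for the NUL */
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Copy a name into a fresh USERNAME_SIZE buffer; NULL if it is too long. */
static char *copy_username(const char *src)
{
    struct bounded_buf b;
    if (bb_init(&b, USERNAME_SIZE) != 0)
        return NULL;
    if (bb_append(&b, src, strlen(src)) != 0) {
        free(b.data);
        return NULL;
    }
    return b.data;
}

int main(void)
{
    char *u = copy_username("frank");   /* constructed sample input */
    printf("%s\n", u ? u : "(rejected)");
    free(u);
    return 0;
}
```

The same `bb_append` covers a buffer of `TEMPSTR_SIZE` bytes that is filled in several chunks: each append is checked against the space still free, not against the total size.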

Change History (0)
