date: 2007-09-27T00:00:00.000Z
summary: MSN Remote "Nudge" DoS
discoveredBy: Evan Schoenberg
A remote MSN user that is not on the buddy list can cause a denial of service
(crash) by sending a nudge message. The protocol plugin attempts to look up the
buddy's information and accesses an invalid memory location if the user is not
on the buddy list. This only affects libpurple version 2.2.0, older versions
The nudge functionality in the MSN protocol has been rewritten to avoid an
unnecessary lookup of buddy information.