hugo/content/about/security/advisories/cve-2009-3615-00.md

Thu, 02 Jan 2025 16:35:59 -0600

author
Gary Kramlich <grim@reaperworld.com>
date
Thu, 02 Jan 2025 16:35:59 -0600
changeset 545
cf811d26020d
parent 402
91f916eba5fd
permissions
-rw-r--r--

Add a flathub verification token

Testing Done:
Ran with `npm run hugo:server` and verified the file was served properly.

Reviewed at https://reviews.imfreedom.org/r/3718/

---
title: cve-2009-3615-00
date: 2009-10-16T00:00:00.000Z
cveNumber: cve-2009-3615
summary: ICQ and maybe AIM remote crash
discoveredBy: nightwing666 in ticket #10481
fixedInRelease: 2.6.3
type: security
layout: cve
hidden: true
---

### Description

A specially crafted message can trigger an incorrect memory access in the oscar
protocol plugin which can lead to a crash. This happens when the SIM IM client
attempts to send contacts to a libpurple user.

### Mitigation

Check for the correct number of fields before attempting to dereference memory.

mercurial