hugo/content/about/security/advisories/cve-2010-3711-00.md

author: Gary Kramlich <grim@reaperworld.com>
date: Fri, 12 Jul 2024 00:14:47 -0500
changeset: 538:24fe83c549b1
parent: 397:56acee7044a0
permissions: -rw-r--r--

Sort the plugins list by the heading attribute

Previously we depended on the sorting of the JSON file, but that's difficult
and error-prone considering that we can just let Hugo do it.

Testing Done:
Ran the site locally and verified that the sorting worked.

Reviewed at https://reviews.imfreedom.org/r/3279/

---
title: cve-2010-3711-00
date: 2010-10-20T00:00:00.000Z
cveNumber: cve-2010-3711
summary: Multiple remotely-triggered denials of service
discoveredBy: Daniel Atallah
fixedInRelease: 2.7.4
type: security
layout: cve
hidden: true
---

### Description

It has been discovered that eight denial-of-service conditions exist in
libpurple, all due to insufficient validation of the return value from
`purple_base64_decode()`. Invalid or malformed data received in place of a valid
base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP
protocol plugins and in the NTLM authentication support triggers a crash. A
remote user can leverage these vulnerabilities for denial of service.

### Mitigation

Check the return value from `purple_base64_decode()` before trying to use it.
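
The mitigation above as an added C example (not libpurple's code): `demo_base64_decode()` is a constructed stand-in assumed to return NULL on malformed input, and `read_challenge()` with its 8-byte field is hypothetical. It goes one step beyond the NULL check the advisory names by also rejecting a decode that succeeds but is too short to parse.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for purple_base64_decode(), assumed to return NULL
 * when the input is not valid base64. The caller frees the result. */
static unsigned char *demo_base64_decode(const char *str, size_t *ret_len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = str ? strlen(str) : 0, i, out = 0;
    unsigned char *buf;

    if (n == 0 || n % 4 != 0 || (buf = malloc(n / 4 * 3 + 1)) == NULL)
        return NULL;
    for (i = 0; i < n; i += 4) {
        unsigned long v = 0;
        int j, pad = 0;
        for (j = 0; j < 4; j++) {
            const char *p = strchr(tbl, str[i + j]);
            if (str[i + j] == '=' && i + 4 == n && j >= 2)
                pad++;              /* padding only at the very end */
            else if (p == NULL || pad > 0) {
                free(buf);          /* stray character or data after '=' */
                return NULL;
            }
            v = (v << 6) | (unsigned long)(p ? p - tbl : 0);
        }
        buf[out++] = (unsigned char)(v >> 16);
        if (pad < 2) buf[out++] = (unsigned char)(v >> 8);
        if (pad < 1) buf[out++] = (unsigned char)v;
    }
    buf[out] = '\0';
    *ret_len = out;
    return buf;
}

/* Hardened caller for a hypothetical 8-byte challenge field; the flawed
 * pattern used `raw` without the NULL test. Returns 0, or -1 on bad input. */
int read_challenge(const char *b64, unsigned char out[8])
{
    size_t len = 0;
    unsigned char *raw = demo_base64_decode(b64, &len);

    if (raw == NULL)
        return -1;              /* malformed input: drop the message */
    if (len >= 8)
        memcpy(out, raw, 8);    /* only parse what was actually decoded */
    free(raw);
    return len >= 8 ? 0 : -1;
}
```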
