hugo/content/about/security/advisories/cve-2011-2943-00.md

Sun, 10 Nov 2024 00:47:44 -0600

author
Gary Kramlich <grim@reaperworld.com>
date
Sun, 10 Nov 2024 00:47:44 -0600
changeset 544
6532ddaa3587
parent 399
0ec2c139628a
permissions
-rw-r--r--

Add EionRobb's ChatGPT protocol plugin and update the signal protocol plugins

Testing Done:
Ran `npm run hugo:server` and verified it locally.

Reviewed at https://reviews.imfreedom.org/r/3649/

---
title: cve-2011-2943-00
date: 2011-08-20T00:00:00.000Z
cveNumber: cve-2011-2943
summary: Remote crash in IRC protocol plugin
discoveredBy: Djego Ibanez, Lead QA at Gamistry
fixedInRelease: 2.10.0
type: security
layout: cve
hidden: true
---

### Description

Certain characters in the nicknames of IRC users can trigger a null pointer
dereference in the IRC protocol plugin's handling of responses to WHO requests.
This can cause a crash on some operating systems. Clients based on libpurple
2.8.0 through 2.9.0 are affected.

### Mitigation

Change libpurple to validate the data it receives from the server before
attempting to use it.

mercurial