pidgin/nest

Add remaining cve from 2004

4 months ago, Sorvival
de31fe0d5bba
Parents 7feb374b5a83
Children 34e168c9c4b4
Add remaining cve from 2004

Testing Done:
Verified correct rendering using dev-server script

Bugs closed: NEST-43

Reviewed at https://reviews.imfreedom.org/r/485/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2004-0891-00.md Thu Feb 11 02:49:02 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2004-0891-00
+date: 2004-10-19T00:00:00.000Z
+cveNumber: cve-2004-0891
+summary: MSN SLP buffer overflow
+discoveredBy: Gaim
+fixedInRelease: 1.0.2
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Buffer overflow. memcpy was used without checking the size of the buffer before copying to it. Additionally, a logic flaw was causing the wrong buffer to be used as the destination for the copy under certain circumstances.
+
+### Mitigation
+
+Correct the logic to select the correct buffer, and add bounds checking to prevent malformed messages causing a buffer overflow.
+