| Summary | Remote crash in IRC protocol plugin |
|---|---|
| Date | 2011-08-20 |
| CVE Number | CVE-2011-2943 |
| Discovered By | Djego Ibanez, Lead QA at Gamistry |
| Fixed In Release | 2.10.0 |
Certain characters in the nicknames of IRC users can trigger a null pointer dereference in the IRC protocol plugin’s handling of responses to WHO requests. This can cause a crash on some operating systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected.
Change libpurple to validate the data it receives from the server before attempting to use it.