Summary | NULL pointer dereference parsing OIM data in MSN |
---|---|
Date | 2014-01-28 |
CVE Number | CVE-2013-6482 |
Discovered By | Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen |
Fixed In Release | 2.10.8 |
A malicious server or man-in-the-middle could send us a specially-crafted XML response that results in a NULL pointer dereference.
Check for NULL before calling atoi()
.