Bug detected in popular chat client Pidgin
Information leakage and DoS can result from an unpatched system.
A flaw in a chat client used by millions worldwide to communicate on multiple networks at the same time opens users to potential dangers.
A flaw in the manner in which Pidgin handles the MXit protocol was detected by researchers at Talos. The bug opens users to the possibility of information leakage, denial of service, directory traversal and buffer overflow.
Four information leakage flaws could enable specially crafted MXit data sent from the server to cause an out-of-bounds read, which could then cause a crash or the leaking of information back to the server.
As well, six DoS vulnerabilities could cause a null pointer dereference, also leading to a crash. A directory traversal flaw could result in an overwrite of files. And five directory traversal vulnerabilities could trigger a buffer overflow.
Patching software is essential to reduce the attack surface against these constant ongoing attacks, Talos advises.