
Bug detected in popular chat client Pidgin

A flaw in a chat client used by millions worldwide to communicate on multiple networks at the same time exposes users to potential dangers.

A flaw in the way Pidgin handles the MXit protocol was detected by researchers at Talos. The bug exposes users to the possibility of information leakage, denial of service, directory traversal and buffer overflow.

Four information leakage flaws could enable specially crafted MXit data sent from the server to cause an out-of-bounds read, which could then cause a crash or the leaking of information back to the server.

In addition, six DoS vulnerabilities could cause a null pointer dereference, also leading to a crash. A directory traversal flaw could result in an overwrite of files. And five directory traversal vulnerabilities could trigger a buffer overflow.

Patching software is essential to reduce the attack surface against these constant ongoing attacks, Talos advises.
