FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pidgin-otr -- use after free

Affected packages
pidgin-otr < 4.0.2

Details

VuXML ID 77e0b631-e6cf-11e5-85be-14dae9d210b8
Discovery 2015-04-04
Entry 2016-03-10

Hanno Bock reports:

The pidgin-otr plugin version 4.0.2 fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function create_smp_dialog.

References

CVE Name CVE-2015-8833
URL http://seclists.org/oss-sec/2016/q1/572
URL https://bugs.otr.im/issues/128
URL https://bugs.otr.im/issues/88