pidgin-otr: heap use after free vulnerability (CVE-2015-8833)
The pidgin-otr plugin version 4.0.2 fixes a heap use after free error.
The bug is triggered when a user tries to authenticate a buddy and
happens in the function create_smp_dialog.
References:
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
http://www.openwall.com/lists/oss-security/2016/03/09/8
Commit / fix:
(from redmine: issue id 5428, created on 2016-04-18, closed on 2016-05-10)
- Relations:
- child #5429 (closed)
- child #5430 (closed)
- child #5431 (closed)
- child #5432 (closed)