Summary | Yahoo! remote crash from incorrect character encoding |
---|---|
Date | 2012-01-28 |
CVE Number | CVE-2012-6152 |
Discovered By | Thijs Alkemade and Robert Vehse |
Fixed In Release | 2.10.8 |

Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren’t UTF-8.

Depending on the context, either validate that a string is UTF-8 or transcode the string from the appropriate encoding to UTF-8.
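
The validate-or-transcode rule above, sketched in plain C as an added example; it is not code from the advisory or from the plugin. The function names are hypothetical, and ISO-8859-1 as the fallback encoding is an assumption, since the advisory does not name the encodings involved.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* 1 if raw[0..n) is well-formed UTF-8: no truncated or overlong sequences,
 * no surrogates, nothing above U+10FFFF. */
int utf8_valid(const char *raw, size_t n)
{
    const unsigned char *s = (const unsigned char *)raw;
    for (size_t i = 0; i < n; ) {
        unsigned long cp, min;
        size_t need;
        if (s[i] < 0x80) { i++; continue; }
        if ((s[i] & 0xE0) == 0xC0)      { need = 1; cp = s[i] & 0x1F; min = 0x80; }
        else if ((s[i] & 0xF0) == 0xE0) { need = 2; cp = s[i] & 0x0F; min = 0x800; }
        else if ((s[i] & 0xF8) == 0xF0) { need = 3; cp = s[i] & 0x07; min = 0x10000; }
        else return 0;                   /* stray continuation byte or 0xF8+ */
        if (n - i <= need) return 0;     /* sequence runs past the buffer */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += need + 1;
    }
    return 1;
}

/* Newly allocated NUL-terminated UTF-8 copy of a wire string. Valid UTF-8 is
 * copied unchanged; anything else is transcoded from ISO-8859-1, which is
 * this example's ASSUMED fallback encoding. Caller frees; NULL on failure. */
char *incoming_to_utf8(const char *raw, size_t n)
{
    if (n > (SIZE_MAX - 1) / 2) return NULL;   /* 2*n+1 would overflow */
    char *out = malloc(2 * n + 1);       /* worst case: each byte becomes two */
    size_t o = 0;
    if (!out) return NULL;
    if (utf8_valid(raw, n)) { memcpy(out, raw, n); o = n; }
    else for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)raw[i];
        if (c < 0x80) { out[o++] = (char)c; continue; }
        out[o++] = (char)(0xC0 | (c >> 6));    /* U+0080..U+00FF: two bytes */
        out[o++] = (char)(0x80 | (c & 0x3F));
    }
    out[o] = '\0';
    return out;
}
```

Whatever leaves `incoming_to_utf8` is well-formed UTF-8, so code further down that assumes UTF-8 never sees raw bytes from the network.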