CVE-2008-6393

Name of the Vulnerable Software and Affected Versions PSI Jabber client versions prior to 0.12.1

Description The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option. This bypasses a signed integer check, triggering an integer overflow and a heap-based buffer overflow. Multiple vulnerabilities in the PSI package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For PSI Jabber client versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of file transfer requests until a patch is available.