OAuth Implementation Truncation Vulnerability in librest

CVE-2015-2675 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) by running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
