IMFreedom Security

Description

Buffer overflow. The URL is decoded into a static buffer of length 2048 bytes. I’m not sure it’s possible to receive a URL longer than 2048 bytes, as many protocols have message limits that are shorter than that.

Mitigation

A check to make sure the source string is shorter than 2048 bytes is performed.