A very very minor bug... Description: A weakness has been reported in Phex, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to an error in restricting the number of chat requests that a user can initiate to another. This can be exploited by malicious users to cause Phex to consume large amount of memory resources by initiating a large number of chat requests to a victim and then log off. Successful exploitation causes Phex to become unresponsive. The weakness has been reported in versions prior to 2.8.6. Solution: Update to version 2.8.6. http://sourceforge.net/project/showfiles.php?group_id=27021 Provided and/or discovered by: The vendor credits Ian Booth. Original Advisory: http://sourceforge.net/project/shownotes.php?release_id=412751
Futhermore, it's way possible that our x86 stable version is not affected. (2.0.0.76) 2.0.0.76 doesn't seem to have such a protection agains large number of chats : ( http://svn.sourceforge.net/viewcvs.cgi/phex/phex/tags/release-2_0_0_76/phex/src/phex/ )
That's a little too minor and I agree that our stable version is probably unaffected so closing as INVALID Feel free to reopen if you disagree.
