konversation
Page content
- Author: kikadf
- Vulnerable: 1.4-3
- Unaffected: 1.4-4arcturus1
The ECB Blowfish decryption function assumed that encrypted input would always come in blocks of 12 characters, as specified. However, buggy clients or annoying people may not adhere to that assumption, causing the core to crash while trying to process the invalid base64 input.