Why DC++ 0.674 is Insecure

Update 2017-10-21: Invalid ADC commands sent via UDP will crash the app, which DC++ 0.867 fixes, adds one more way to crash DC++ 0.674.

Update 2017-08-02: somehow, six (6) years later, this remains an issue. In that time, the actively developed DC++ and DC++-based clients one might try have become DC++ itself, ApexDC, AirDC++, and EiskaltDC++.

Furthermore, How to crash DC++ 0.674 describes more specifically how to remotely crash DC++ 0.674. It is strongly advised to update to a current version of an actively developed client.

Original post follows.

DC++ 0.674 remains surprisingly popular. However:

These reasons all apply to any vaguely modern client older than DC++ 0.707 (and the last three to clients through 0.75), actually, but 0.674 seems to have kept the most users of those old versions so I target it specifically. Instead, it’s much safer to use a currently-maintained client; if one prefers a pre-DC++ 0.7xx style GUI, one might look at StrongDC++ or any of its descendants.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: