libpurple / Pidgin buffer overflow updated since 01.09.2008
Published:		09.06.2009
Source:		BUGTRAQ
SecurityVulns ID:		9250
Type:		library
Level:		6/10
Description:		Buffer overflow on MSN SLP messages parsing.

Affected:		PIDGIN : Pidgin 2.4
CVE:		CVE-2009-1376
		CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 allow remote attackers to execute arbitrary code via a malformed SLP message, a different vulnerability than CVE-2008-2955.)

Original document		ZDI, ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (09.06.2009)
		ZDI, ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (01.09.2008)

Discuss:

Read or add your comments to this news (0 comments)