Summary MSN overflow parsing SLP messages
Date 2009-08-18
CVE Number CVE-2009-2694
Discovered By Core Security Technologies
Fixed In Release 2.5.9


By sending two consecutive specially crafted SLP messages it is possible to trigger an memcpy to an invalid location in memory. This affects all versions of libpurple and Gaim released in the past few years.


Correctly destroy outgoing SLP ACK messages after they are sent, and ensure a buffer has been allocated within the SLP data structure before attempting to write to it.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site