cve-2009-3083-00

Summary MSN partial SLP invite crash
Date 2009-09-03
CVE Number CVE-2009-3083
Discovered By blackstar in ticket
Fixed In Release 2.6.2

Description

The MSN protocol plugin extracts some fields from an incoming SLP invite. If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash.

Mitigation

Check for NULL values and handle appropriately.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site