independent-20041019-02

NOTE: This issue was not reported to a security reporting body.

Summary: MSN SLP buffer overflow
Date: 2004-10-19
Discovered By: Gaim
Fixed In Release: 1.0.2

Description

Buffer overflow: memcpy was used to copy into a buffer without first checking the size of that buffer. Additionally, a logic flaw caused the wrong buffer to be used as the destination for the copy under certain circumstances.

Mitigation

Correct the logic to select the correct buffer, and add bounds checking to prevent malformed messages from causing a buffer overflow.
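The kind of bounds check described above, as an added example that is not Gaim's code. The struct, the function names and the sender-supplied offset field are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reassembly buffer for one chunked message (not Gaim's struct). */
struct reasm {
    unsigned char *buf;  /* NULL until a destination has been allocated */
    size_t size;         /* bytes allocated at buf */
};

/*
 * Copy one chunk into dst at a sender-supplied offset.
 * Returns 0 on success, -1 if the chunk is rejected.
 * The unchecked form would be: memcpy(dst->buf + offset, data, len);
 */
int reasm_copy_chunk(struct reasm *dst, uint64_t offset,
                     const unsigned char *data, size_t len)
{
    /* Refuse when no destination was selected for this chunk. */
    if (dst == NULL || dst->buf == NULL || data == NULL)
        return -1;
    /* The offset must fall inside the allocation. */
    if (offset > dst->size)
        return -1;
    /* Compare against the remaining space; offset + len could wrap. */
    if (len > dst->size - (size_t)offset)
        return -1;
    memcpy(dst->buf + (size_t)offset, data, len);
    return 0;
}

/* Constructed self-check: returns 0 when every case behaves as expected. */
int reasm_selftest(void)
{
    unsigned char store[16] = {0};
    unsigned char payload[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    struct reasm m = { store, sizeof store };
    struct reasm empty = { NULL, 0 };

    if (reasm_copy_chunk(&m, 8, payload, 8) != 0) return 1;          /* exact fit */
    if (store[15] != 8) return 2;
    if (reasm_copy_chunk(&m, 9, payload, 8) == 0) return 3;          /* one byte over */
    if (reasm_copy_chunk(&m, UINT64_MAX, payload, 8) == 0) return 4; /* would wrap */
    if (reasm_copy_chunk(&empty, 0, payload, 1) == 0) return 5;      /* no buffer */
    return 0;
}

int main(void) { return reasm_selftest(); }
```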
