Pidgin Security Advisory

TitleMSN malformed SLP message crash
CVE NameCVE-2010-0277
Discovered ByFabian Yamaguchi
SummaryFailure to validate all fields of an incoming message can trigger a crash
DescriptionCertain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly.
Fixed in Revision9a3f73531905
Fixed in Version2.6.6
FixValidate input before attempting to handle the message.

Return to Security Advisory Index