|Summary||MSN malformed SLP message overflow|
|Discovered By||Loc VALBON (via TippingPoint's Zero Day Initiative)|
|Fixed In Release||2.5.6|
The previous fix to CVE-2008-2927 was deemed
incomplete. The size check improperly cast an
size_t which can
cause an integer overflow, rendering the check useless.
The proper variable type is now used when doing size comparison. Additionally, the malformed message is now properly discarded.