Summary MSN malformed SLP message overflow
Date 2009-05-02
CVE Number CVE-2009-1376
Discovered By Loc VALBON (via TippingPoint's Zero Day Initiative)
Fixed In Release 2.5.6


The previous fix to CVE-2008-2927 was deemed incomplete. The size check improperly cast an uint64 to size_t which can cause an integer overflow, rendering the check useless.


The proper variable type is now used when doing size comparison. Additionally, the malformed message is now properly discarded.

Looking to reach us via XMPP? Check out the new PidginChat service!