| Summary | MSN overflow parsing SLP messages |
| Discovered By | Core Security Technologies |
| Fixed In Release | 2.5.9 |
By sending two consecutive specially crafted SLP messages, it is possible to trigger a memcpy to an invalid location in memory. This affects all versions of libpurple and Gaim released in the past few years.
The fix correctly destroys outgoing SLP ACK messages after they are sent, and ensures a buffer has been allocated within the SLP data structure before attempting to write to it.
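The defensive pattern the fix describes, as an added example that is not libpurple's code: the structure and function names (`slp_msg`, `slp_msg_alloc`, `slp_msg_write`, `slp_msg_destroy`) are hypothetical. The write refuses to copy when no buffer has been allocated; the overflow-safe bounds check and the pointer reset on destroy go beyond what the advisory states and are assumptions about what a complete guard would include.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reassembly state for one SLP message;
 * not libpurple's actual structure. */
struct slp_msg {
    unsigned char *buffer; /* NULL until the total size is known */
    size_t size;           /* total size announced by the sender */
};

/* Allocate the reassembly buffer once; returns 0 on success, -1 otherwise. */
int slp_msg_alloc(struct slp_msg *m, size_t total)
{
    if (m->buffer != NULL || total == 0)
        return -1;
    m->buffer = calloc(1, total);
    if (m->buffer == NULL)
        return -1;
    m->size = total;
    return 0;
}

/* Copy one chunk into the buffer; returns 0 on success, -1 if rejected. */
int slp_msg_write(struct slp_msg *m, size_t offset,
                  const void *data, size_t len)
{
    if (m->buffer == NULL)   /* the allocation check the fix describes */
        return -1;
    if (offset > m->size || len > m->size - offset) /* no integer wrap */
        return -1;
    memcpy(m->buffer + offset, data, len);
    return 0;
}

/* Free the buffer and reset state so a stale pointer is never written to. */
void slp_msg_destroy(struct slp_msg *m)
{
    free(m->buffer);
    m->buffer = NULL;
    m->size = 0;
}

int main(void)
{
    struct slp_msg m = {0};
    int early = slp_msg_write(&m, 0, "x", 1); /* rejected: no buffer yet */
    return early == -1 ? 0 : 1;
}
```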