Summary MSN overflow parsing SLP messages
Date 2009-08-18
CVE Number CVE-2009-2694
Discovered By Core Security Technologies
Fixed In Release 2.5.9


By sending two consecutive specially crafted SLP messages it is possible to trigger an memcpy to an invalid location in memory. This affects all versions of libpurple and Gaim released in the past few years.


Correctly destroy outgoing SLP ACK messages after they are sent, and ensure a buffer has been allocated within the SLP data structure before attempting to write to it.

Looking to reach us via XMPP? Check out the new PidginChat service!