Summary MSN partial SLP invite crash
Date 2009-09-03
CVE Number CVE-2009-3083
Discovered By blackstar in ticket
Fixed In Release 2.6.2


The MSN protocol plugin extracts some fields from an incoming SLP invite. If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash.


Check for NULL values and handle appropriately.

Looking to reach us via XMPP? Check out the new PidginChat service!