Pidgin Security Advisory
| Title | MSN partial SLP invite crash |
|---|
| Date | 2009-09-03 |
|---|
| CVE Name | CVE-2009-3083 |
|---|
| Discovered By | blackstar in ticket #10159 and Elliott Sales de Andrade |
|---|
| Summary | MSN expects certain values to exist, and crashes if they do not |
|---|
| Description | The MSN protocol plugin extracts some fields from an incoming SLP invite. If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash. |
|---|
| Fixed in Revision | 2431bae68adf |
|---|
| Fixed in Version | 2.6.2 |
|---|
| Fix | Check for NULL values and handle appropriately. |
|---|
Return to Security Advisory Index
