Pidgin Security Advisory

TitleMSN partial SLP invite crash
Date2009-09-03
CVE NameCVE-2009-3083
Discovered Byblackstar in ticket #10159 and Elliott Sales de Andrade
SummaryMSN expects certain values to exist, and crashes if they do not
DescriptionThe MSN protocol plugin extracts some fields from an incoming SLP invite. If some of these fields do not exist in the invite message then the protocol plugin will attempt to dereference a NULL pointer and will crash.
Fixed in Revision2431bae68adf
Fixed in Version2.6.2
FixCheck for NULL values and handle appropriately.

Return to Security Advisory Index