New Search

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

oval:org.mitre.oval:def:10319

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
  • Oracle Linux 4
  • CentOS Linux 5
  • Oracle Linux 5
  • CentOS Linux 3
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2009-2694
Product(s):