ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

Josh Bressers bressers at redhat.com
Thu Jun 26 19:51:10 EDT 2008

On 26 June 2008, "Mark Doliner" wrote:
> On Thu, 26 Jun 2008 13:51:30 -0400, Josh Bressers wrote
> > 
> > I'll see about CVE ids hopefully later today.  I've been terribly bogged
> > down with other things and I've not found time for this yet.  Sorry.
> That would be great.

OK, I took a look at things, and the way I see it we have at least three
things (three CVE ids).

* XML memory leak
* UPnP arbitrary file download (maybe not a flaw)
* msn integer overflow

I'm also wondering about these ones:
7a490c356e10f7fff3432f875897aa0ca0ad1ff0 yahoo double free
d99b567b2df0833b855496e7466e6c4c2d9d2329 Don't crash if the given
    jabber id is invalid.  For example, bond/_007 at gmail.com

Should those be considered security flaws, or are those silly user tricks?



More information about the Packagers mailing list