ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
Josh Bressers
bressers at redhat.com
Thu Jun 26 19:51:10 EDT 2008
On 26 June 2008, "Mark Doliner" wrote:
> On Thu, 26 Jun 2008 13:51:30 -0400, Josh Bressers wrote
> >
> > I'll see about CVE ids hopefully later today. I've been terribly bogged
> > down with other things and I've not found time for this yet. Sorry.
>
> That would be great.
>
OK, I took a look at things, and the way I see it we have at least three
things (three CVE ids).
* XML memory leak
* UPnP arbitrary file download (maybe not a flaw)
* msn integer overflow
I'm also wondering about these ones:
7a490c356e10f7fff3432f875897aa0ca0ad1ff0 yahoo double free
d99b567b2df0833b855496e7466e6c4c2d9d2329 Don't crash if the given
jabber id is invalid. For example, bond/_007 at gmail.com
Should those be considered security flaws, or are those silly user tricks?
Thanks.
--
JB