ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
bressers at redhat.com
Fri Jun 27 10:01:39 EDT 2008
On 26 June 2008, Josh Bressers wrote:
> On 26 June 2008, "Mark Doliner" wrote:
> > On Thu, 26 Jun 2008 13:51:30 -0400, Josh Bressers wrote
> > >
> > > I'll see about CVE ids hopefully later today. I've been terribly bogged
> > > down with other things and I've not found time for this yet. Sorry.
> > That would be great.
> OK, I took a look at things, and the way I see it we have at least three
> things (three CVE ids).
> * XML memory leak
> * UPnP arbitrary file download (maybe not a flaw)
> * MSN integer overflow
It looks like the MSN issue is public now:
Does anyone know the impact of this issue? Can any random MSN user trigger
this flaw? If so that's obviously not good.