Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-3083

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.

Related bugs and status

CVE-2009-3083 (Candidate) is related to these bugs:

Bug #494002: [hardy] Failing to connect to MSN with 'protocol is not supported' error

		In	Importance	Status
494002	[hardy] Failing to connect to MSN with 'protocol is not supported' error	pidgin (Ubuntu)	Undecided	Fix Released
494002	[hardy] Failing to connect to MSN with 'protocol is not supported' error	Pidgin	Unknown	Unknown
494002	[hardy] Failing to connect to MSN with 'protocol is not supported' error	pidgin (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://developer.pidgi...
CONFIRM: http://developer.pidgi...
CONFIRM: http://developer.pidgi...
CONFIRM: http://www.pidgin.im/n...
BID: 36277
SECUNIA: 36601
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...