| Summary | MSN malformed SLP message overflow |
|---|---|
| Date | 2009-05-02 |
| CVE Number | CVE-2009-1376 |
| Discovered By | Loc VALBON (via TippingPoint's Zero Day Initiative) |
| Fixed In Release | 2.5.6 |
The previous fix to CVE-2008-2927 was deemed
incomplete. The size check improperly cast an uint64 to size_t which can
cause an integer overflow, rendering the check useless.
The proper variable type is now used when doing size comparison. Additionally, the malformed message is now properly discarded.