QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2694

Published: Aug 20, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=514957

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

http://www.pidgin.im/news/security/?id=34

x_refsource_CONFIRM

oval:org.mitre.oval:def:6320

vdb-entry

signature

x_refsource_OVAL

http://www.coresecurity.com/content/libpurple-arbitrary-write

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_SUNALERT

http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

oval:org.mitre.oval:def:10319

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

http://developer.pidgin.im/wiki/ChangeLog

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.