CVE-2009-1376

NONECVSS 0.0

0.0

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

🔗 References (52)

secalert@redhathttp://debian.org/security/2009/dsa-1805
secalert@redhathttp://secunia.com/advisories/35188
secalert@redhathttp://secunia.com/advisories/35194
secalert@redhathttp://secunia.com/advisories/35202
secalert@redhathttp://secunia.com/advisories/35215
secalert@redhathttp://secunia.com/advisories/35294
secalert@redhathttp://secunia.com/advisories/35329
secalert@redhathttp://secunia.com/advisories/35330
secalert@redhathttp://secunia.com/advisories/37071
secalert@redhathttp://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2009:140
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2009:173
secalert@redhathttp://www.pidgin.im/news/security/?id=32
secalert@redhathttp://www.redhat.com/support/errata/RHSA-2009-1059.html
secalert@redhathttp://www.redhat.com/support/errata/RHSA-2009-1060.html

Is Your Infrastructure Affected by CVE-2009-1376?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-1376

📅 Published

🔄 Last Modified

🔗 References (52)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-1376?