date: 2009-08-18T00:00:00.000Z
summary: MSN overflow parsing SLP messages
discoveredBy: Core Security Technologies
By sending two consecutive specially crafted SLP messages it is possible to
trigger an memcpy to an invalid location in memory. This affects all versions of
libpurple and Gaim released in the past few years.
Correctly destroy outgoing SLP ACK messages after they are sent, and ensure a
buffer has been allocated within the SLP data structure before attempting to