hugo/content/about/security/advisories/cve-2009-3083-00.md

Wed, 22 Jan 2025 21:35:51 -0600

author
Gary Kramlich <grim@reaperworld.com>
date
Wed, 22 Jan 2025 21:35:51 -0600
changeset 546
c30ec89f7dd7
parent 402
91f916eba5fd
permissions
-rw-r--r--

Updates for the 2.14.14 release

Testing Done:
Ran `npm run hugo:server` and verified the download links and changelog were displayed properly.

Reviewed at https://reviews.imfreedom.org/r/3782/

---
title: cve-2009-3083-00
date: 2009-09-03T00:00:00.000Z
cveNumber: cve-2009-3083
summary: MSN partial SLP invite crash
discoveredBy: blackstar in ticket #10159 and Elliott Sales de Andrade
fixedInRelease: 2.6.2
type: security
layout: cve
hidden: true
---

### Description

The MSN protocol plugin extracts some fields from an incoming SLP invite. If
some of these fields do not exist in the invite message then the protocol plugin
will attempt to dereference a NULL pointer and will crash.

### Mitigation

Check for NULL values and handle appropriately.

mercurial