Gaim Vulnerability
| Title | MSN SLP DOS (malloc error) |
|---|
| Date | 19 October 2004 |
|---|
| CVE Name | N/A |
|---|
| Discovered By | Gaim |
|---|
| Summary | Crash when receiving malformed MSN SLP message |
|---|
| Description | Remote crash. Gaim allocates a buffer for the payload of each message received based on the size field in the header of the message. A malicious peer could specify an invalid size that exceeds the amount of available memory. |
|---|
| Fixed in Version | 1.0.2 |
|---|
| Fix | Replace call to g_malloc() with call to g_try_malloc(). If the memory could not be allocated the function returns instead of causing the application to crash. |
|---|
Return to Index of Vulnerabilities
Gaim
