Description
The previous fix for CVE-2008-2927 was deemed incomplete. The size check improperly cast a uint64 to size_t, which can cause an integer overflow, rendering the check useless.
Mitigation
The proper variable type is now used for the size comparison. Additionally, the malformed message is now properly discarded.
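The narrowing described above and the corrected comparison, shown side by side in an added C example; this is not code from the affected project. The names `size32_t`, `fits_narrowed`, `fits_wide` and `store_chunk` and the sample values are hypothetical, and `size32_t` is an assumption that models a 32-bit `size_t` so the behaviour is the same on a 64-bit host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: models size_t on a 32-bit build, so the narrowing is
 * reproducible on 64-bit hosts as well. */
typedef uint32_t size32_t;

/* Flawed check: the 64-bit offset is cast down before the comparison,
 * so its upper 32 bits are dropped and a huge value can look small. */
bool fits_narrowed(uint64_t offset, size32_t len, size32_t buf_size)
{
    if (len > buf_size)
        return false;
    return (size32_t)offset <= buf_size - len;
}

/* Corrected check: compare in the wider type; nothing is truncated. */
bool fits_wide(uint64_t offset, size32_t len, size32_t buf_size)
{
    if (len > buf_size)
        return false;
    return offset <= (uint64_t)(buf_size - len);
}

/* Hypothetical receive path: a chunk that fails the check is discarded
 * (-1, buffer untouched) instead of being processed further. */
int store_chunk(unsigned char *buf, size32_t buf_size, uint64_t offset,
                const unsigned char *data, size32_t len)
{
    if (!fits_wide(offset, len, buf_size))
        return -1;
    memcpy(buf + (size_t)offset, data, len);
    return 0;
}

/* Constructed sample values, not taken from a real message. */
static unsigned char demo_buf[64];
static const unsigned char demo_data[] = "ABCDEFGH";
static const uint64_t demo_bad_offset = 0x100000004ULL; /* low 32 bits = 4 */
```

With the constructed offset, `fits_narrowed` accepts the chunk because only the low 32 bits are compared, while `fits_wide` rejects it and `store_chunk` drops the message.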