CVE-2004-0891
published 2005-01-27CVE-2004-0891: Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly…
PriorityP335critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
6.86%
93.2th percentile
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gentoo | linux | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
gaim vulnerabilities
vendor_ubuntu·2004-10-27
CVE-2004-0891 gaim vulnerabilities
Title: gaim vulnerabilities
Summary: gaim vulnerabilities
A buffer overflow and two remote crashes were recently discovered in
gaim's MSN protocol handler. An attacker could potentially execute
arbitrary code with the user's privileges by crafting and sending a
particular MSN message.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2004-10-19·CVSS 10.0
CVE-2004-0891 [CRITICAL] security flaw
security flaw
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
GHSA
GHSA-vxv8-px35-96ww: Buffer overflow in the MSN protocol handler for gaim 0
ghsa_unreviewed·2022-04-29
CVE-2004-0891 [HIGH] GHSA-vxv8-px35-96ww: Buffer overflow in the MSN protocol handler for gaim 0
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
No detection rules found.
No public exploits indexed.
http://gaim.sourceforge.net/security/?id=9http://www.gentoo.org/security/en/glsa/glsa-200410-23.xmlhttp://www.redhat.com/support/errata/RHSA-2004-604.htmlhttps://bugzilla.fedora.us/show_bug.cgi?id=2188https://exchange.xforce.ibmcloud.com/vulnerabilities/17786https://exchange.xforce.ibmcloud.com/vulnerabilities/17787https://exchange.xforce.ibmcloud.com/vulnerabilities/17790https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790https://www.ubuntu.com/usn/usn-8-1/http://gaim.sourceforge.net/security/?id=9http://www.gentoo.org/security/en/glsa/glsa-200410-23.xmlhttp://www.redhat.com/support/errata/RHSA-2004-604.htmlhttps://bugzilla.fedora.us/show_bug.cgi?id=2188https://exchange.xforce.ibmcloud.com/vulnerabilities/17786https://exchange.xforce.ibmcloud.com/vulnerabilities/17787https://exchange.xforce.ibmcloud.com/vulnerabilities/17790https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790https://www.ubuntu.com/usn/usn-8-1/
2005-01-27
Published