CVE-2005-0472
published 2005-03-14CVE-2005-0472: Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
PriorityP421medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
5.30%
91.6th percentile
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rhx6-42v7-6767: Gaim before 1
ghsa_unreviewed·2022-05-01
CVE-2005-0472 [MEDIUM] GHSA-rhx6-42v7-6767: Gaim before 1
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
Ubuntu
Gaim vulnerabilities
vendor_ubuntu·2005-02-26
CVE-2005-0208 Gaim vulnerabilities
Title: Gaim vulnerabilities
Summary: Gaim vulnerabilities
The Gaim developers discovered that the HTML parser did not
sufficiently validate its input. This allowed a remote attacker to
crash the Gaim client by sending certain malformed HTML messages.
(CAN-2005-0208, CAN-2005-0473)
Another lack of sufficient input validation was found in the "Oscar"
protocol handler which is used for ICQ and AIM. By sending specially
crafted packets, remote users could trigger an infinite loop in Gaim
which caused Gaim to become unresponsive and hang. (CAN-2005-0472)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-02-17·CVSS 5.0
CVE-2005-0472 [MEDIUM] security flaw
security flaw
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0472 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2005-0472 [MEDIUM] CVE-2005-0472 security flaw
CVE-2005-0472 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
Bugzilla
CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
bugzilla·2005-03-10
[MEDIUM] CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
Two HTML parsing bugs were discovered in Gaim. It is possible that a remote
attacker could send a specially crafted message to a Gaim client, causing
it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473 to
these issues.
A bug in the way Gaim processes SNAC packets was discovered. It is
possible that a remote attacker could send a specially crafted SNAC packet
to a Gaim client, causing the client to stop responding. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0472 to this issue.
https://rhn.redhat.com/errata/RHSA-2005-215.html
------- Additional Comments From [email protected] 2005-03-1
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933http://gaim.sourceforge.net/security/index.php?id=10http://marc.info/?l=bugtraq&m=110935655500670&w=2http://secunia.com/advisories/14322http://www.debian.org/security/2005/dsa-716http://www.gentoo.org/security/en/glsa/glsa-200503-03.xmlhttp://www.kb.cert.org/vuls/id/839280http://www.mandriva.com/security/advisories?name=MDKSA-2005:049http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.redhat.com/support/errata/RHSA-2005-215.htmlhttp://www.redhat.com/support/errata/RHSA-2005-432.htmlhttp://www.securityfocus.com/archive/1/426078/100/0/threadedhttp://www.securityfocus.com/bid/12589https://exchange.xforce.ibmcloud.com/vulnerabilities/19380https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10433http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933http://gaim.sourceforge.net/security/index.php?id=10http://marc.info/?l=bugtraq&m=110935655500670&w=2http://secunia.com/advisories/14322http://www.debian.org/security/2005/dsa-716http://www.gentoo.org/security/en/glsa/glsa-200503-03.xmlhttp://www.kb.cert.org/vuls/id/839280http://www.mandriva.com/security/advisories?name=MDKSA-2005:049http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.redhat.com/support/errata/RHSA-2005-215.htmlhttp://www.redhat.com/support/errata/RHSA-2005-432.htmlhttp://www.securityfocus.com/archive/1/426078/100/0/threadedhttp://www.securityfocus.com/bid/12589https://exchange.xforce.ibmcloud.com/vulnerabilities/19380https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10433
2005-03-14
Published