CVE-2005-0473
published 2005-03-14CVE-2005-0473: The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an…
PriorityP413medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
3.48%
87.7th percentile
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
| rob_flynn | gaim | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Gaim vulnerabilities
vendor_ubuntu·2005-02-26
CVE-2005-0208 Gaim vulnerabilities
Title: Gaim vulnerabilities
Summary: Gaim vulnerabilities
The Gaim developers discovered that the HTML parser did not
sufficiently validate its input. This allowed a remote attacker to
crash the Gaim client by sending certain malformed HTML messages.
(CAN-2005-0208, CAN-2005-0473)
Another lack of sufficient input validation was found in the "Oscar"
protocol handler which is used for ICQ and AIM. By sending specially
crafted packets, remote users could trigger an infinite loop in Gaim
which caused Gaim to become unresponsive and hang. (CAN-2005-0472)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-02-24·CVSS 5.0
CVE-2005-0208 [MEDIUM] security flaw
security flaw
The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.
Red Hat
security flaw
vendor_redhat·2005-02-17·CVSS 5.0
CVE-2005-0473 [MEDIUM] security flaw
security flaw
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
GHSA
GHSA-7mfh-mcrc-hgxh: The HTML parsing functions in Gaim before 1
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2005-0473 [MEDIUM] GHSA-7mfh-mcrc-hgxh: The HTML parsing functions in Gaim before 1
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
GHSA
GHSA-2q3w-m82w-3h55: The HTML parsing functions in Gaim before 1
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2005-0208 [MEDIUM] GHSA-2q3w-m82w-3h55: The HTML parsing functions in Gaim before 1
The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0208 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2005-0208 [MEDIUM] CVE-2005-0208 security flaw
CVE-2005-0208 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.
Bugzilla
CVE-2005-0473 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2005-0473 [MEDIUM] CVE-2005-0473 security flaw
CVE-2005-0473 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
Bugzilla
CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
bugzilla·2005-03-10
[MEDIUM] CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
Two HTML parsing bugs were discovered in Gaim. It is possible that a remote
attacker could send a specially crafted message to a Gaim client, causing
it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473 to
these issues.
A bug in the way Gaim processes SNAC packets was discovered. It is
possible that a remote attacker could send a specially crafted SNAC packet
to a Gaim client, causing the client to stop responding. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0472 to this issue.
https://rhn.redhat.com/errata/RHSA-2005-215.html
------- Additional Comments From [email protected] 2005-03-1
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933http://gaim.sourceforge.net/security/index.php?id=11http://marc.info/?l=bugtraq&m=110935655500670&w=2http://secunia.com/advisories/14322http://www.gentoo.org/security/en/glsa/glsa-200503-03.xmlhttp://www.kb.cert.org/vuls/id/523888http://www.mandriva.com/security/advisories?name=MDKSA-2005:049http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.redhat.com/support/errata/RHSA-2005-215.htmlhttp://www.securityfocus.com/archive/1/426078/100/0/threadedhttp://www.securityfocus.com/bid/12589https://exchange.xforce.ibmcloud.com/vulnerabilities/19381https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10212http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933http://gaim.sourceforge.net/security/index.php?id=11http://marc.info/?l=bugtraq&m=110935655500670&w=2http://secunia.com/advisories/14322http://www.gentoo.org/security/en/glsa/glsa-200503-03.xmlhttp://www.kb.cert.org/vuls/id/523888http://www.mandriva.com/security/advisories?name=MDKSA-2005:049http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.redhat.com/support/errata/RHSA-2005-215.htmlhttp://www.securityfocus.com/archive/1/426078/100/0/threadedhttp://www.securityfocus.com/bid/12589https://exchange.xforce.ibmcloud.com/vulnerabilities/19381https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10212
2005-03-14
Published