CVE-2005-0967
published 2005-05-02CVE-2005-0967: Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an…
PriorityP413medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.50%
82.7th percentile
Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rob_flynn | gaim | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6q7m-4m7c-x25p: Gaim 1
ghsa_unreviewed·2022-05-01
CVE-2005-0967 [MEDIUM] GHSA-6q7m-4m7c-x25p: Gaim 1
Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.
Ubuntu
Gaim vulnerabilities
vendor_ubuntu·2005-05-13
CVE-2005-1261 Gaim vulnerabilities
Title: Gaim vulnerabilities
Summary: Gaim vulnerabilities
Marco Alvarez found a Denial of Service vulnerability in the Jabber
protocol handler. A remote attacker could exploit this to crash Gaim
by sending specially crafted file transfers to the user.
(CAN-2005-0967)
Stu Tomlinson discovered an insufficient bounds checking flaw in the
URL parser. By sending a message containing a very long URL, a remote
attacker could crash Gaim or execute arbitrary code with the
privileges of the user. This was not possible on all protocols, due to
message length restrictions. Jabber are SILC were known to be
vulnerable. (CAN-2005-1261)
Siebe Tolsma discovered a Denial of Service attack in the MSN handler.
By sending a specially crafted SLP message with an empty body, a
remote attacker could crash Gai
Red Hat
security flaw
vendor_redhat·2005-03-28·CVSS 5.0
CVE-2005-0967 [MEDIUM] security flaw
security flaw
Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0967 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2005-0967 [MEDIUM] CVE-2005-0967 security flaw
CVE-2005-0967 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.
Bugzilla
CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
bugzilla·2005-03-10
[MEDIUM] CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
Two HTML parsing bugs were discovered in Gaim. It is possible that a remote
attacker could send a specially crafted message to a Gaim client, causing
it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473 to
these issues.
A bug in the way Gaim processes SNAC packets was discovered. It is
possible that a remote attacker could send a specially crafted SNAC packet
to a Gaim client, causing the client to stop responding. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0472 to this issue.
https://rhn.redhat.com/errata/RHSA-2005-215.html
------- Additional Comments From [email protected] 2005-03-1
http://gaim.sourceforge.net/security/?id=15http://secunia.com/advisories/14815http://securitytracker.com/id?1013645http://sourceforge.net/tracker/?func=detail&aid=1172115&group_id=235&atid=100235http://www.mandriva.com/security/advisories?name=MDKSA-2005:071http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.redhat.com/support/errata/RHSA-2005-365.htmlhttp://www.securityfocus.com/archive/1/426078/100/0/threadedhttp://www.securityfocus.com/bid/13004https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9657http://gaim.sourceforge.net/security/?id=15http://secunia.com/advisories/14815http://securitytracker.com/id?1013645http://sourceforge.net/tracker/?func=detail&aid=1172115&group_id=235&atid=100235http://www.mandriva.com/security/advisories?name=MDKSA-2005:071http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.redhat.com/support/errata/RHSA-2005-365.htmlhttp://www.securityfocus.com/archive/1/426078/100/0/threadedhttp://www.securityfocus.com/bid/13004https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9657
2005-05-02
Published