CVE-2005-1261
Published 2005-05-11
Priority P3 · 50 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 12.40% (95.7th percentile)
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.
Affected
48 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rob_flynn | gaim | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
Ubuntu
Gaim vulnerabilities
vendor_ubuntu·2005-05-13
Marco Alvarez found a Denial of Service vulnerability in the Jabber
protocol handler. A remote attacker could exploit this to crash Gaim
by sending specially crafted file transfers to the user.
(CAN-2005-0967)
Stu Tomlinson discovered an insufficient bounds checking flaw in the
URL parser. By sending a message containing a very long URL, a remote
attacker could crash Gaim or execute arbitrary code with the
privileges of the user. This was not possible on all protocols, due to
message length restrictions. Jabber and SILC were known to be
vulnerable. (CAN-2005-1261)
Siebe Tolsma discovered a Denial of Service attack in the MSN handler.
By sending a specially crafted SLP message with an empty body, a
remote attacker could crash Gai
Red Hat
security flaw
vendor_redhat·2005-05-11·CVSS 7.5
GHSA
GHSA-vhpm-pcm2-4gxw: Stack-based buffer overflow in the URL parsing function in Gaim before 1
ghsa_unreviewed·2022-05-01
No detection rules found.
http://gaim.sourceforge.net/security/index.php?id=16
http://www.redhat.com/support/errata/RHSA-2005-429.html
http://www.redhat.com/support/errata/RHSA-2005-432.html
http://www.securityfocus.com/archive/1/426078/100/0/threaded
http://www.securityfocus.com/bid/13590
http://www.vupen.com/english/advisories/2005/0519
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10725