CVE-2005-2103
published 2005-08-16CVE-2005-2103: Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute…
PriorityP343critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
16.05%
96.5th percentile
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gaim_project | gaim | < 1.5.0 | 1.5.0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Gaim vulnerabilities
vendor_ubuntu·2005-08-12
CVE-2005-2102 Gaim vulnerabilities
Title: Gaim vulnerabilities
Summary: Gaim vulnerabilities
Daniel Atallah discovered a Denial of Service vulnerability in the
file transfer handler of OSCAR (the module that handles various
instant messaging protocols like ICQ). A remote attacker could crash
the Gaim client of an user by attempting to send him a file with
a name that contains invalid UTF-8 characters. (CAN-2005-2102)
It was found that specially crafted "away" messages triggered a buffer
overflow. A remote attacker could exploit this to crash the Gaim
client or possibly even execute arbitrary code with the permissions of
the Gaim user. (CAN-2005-2103)
Szymon Zygmunt and Michał Bartoszkiewicz discovered a memory alignment
error in the Gadu library, which was fixed in USN-162-1. However, it
was discovered that Gaim contain
Red Hat
security flaw
vendor_redhat·2005-08-08·CVSS 9.8
CVE-2005-2103 [CRITICAL] security flaw
security flaw
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
GHSA
GHSA-8p42-r5f7-3m7g: Buffer overflow in the AIM and ICQ module in Gaim before 1
ghsa_unreviewed·2022-05-01
CVE-2005-2103 [HIGH] CWE-131 GHSA-8p42-r5f7-3m7g: Buffer overflow in the AIM and ICQ module in Gaim before 1
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
No detection rules found.
http://gaim.sourceforge.net/security/?id=22http://www.novell.com/linux/security/advisories/2005_19_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2005-589.htmlhttp://www.redhat.com/support/errata/RHSA-2005-627.htmlhttp://www.securityfocus.com/archive/1/426078/100/0/threadedhttp://www.securityfocus.com/bid/14531https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477https://usn.ubuntu.com/168-1/http://gaim.sourceforge.net/security/?id=22http://www.novell.com/linux/security/advisories/2005_19_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2005-589.htmlhttp://www.redhat.com/support/errata/RHSA-2005-627.htmlhttp://www.securityfocus.com/archive/1/426078/100/0/threadedhttp://www.securityfocus.com/bid/14531https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477https://usn.ubuntu.com/168-1/
2005-08-16
Published