CVE-2005-2370
Published 2005-07-26
Priority: P4 · 14 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.32% (81.3th percentile)
Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ekg | ekg | — | — |
| ekg | ekg | — | — |
| ekg | ekg | — | — |
| ekg | ekg | — | — |
| ekg | ekg | — | — |
| ekg | ekg | — | — |
| ekg | ekg | — | — |
| rob_flynn | gaim | <= 1.4.0 | — |
CVSS provenance
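| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | | 5.0 | MEDIUM | |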
Ubuntu
Gaim vulnerabilities
vendor_ubuntu·2005-08-12
CVE-2005-2102 Gaim vulnerabilities
Daniel Atallah discovered a Denial of Service vulnerability in the
file transfer handler of OSCAR (the module that handles various
instant messaging protocols like ICQ). A remote attacker could crash
the Gaim client of a user by attempting to send him a file with
a name that contains invalid UTF-8 characters. (CAN-2005-2102)
It was found that specially crafted "away" messages triggered a buffer
overflow. A remote attacker could exploit this to crash the Gaim
client or possibly even execute arbitrary code with the permissions of
the Gaim user. (CAN-2005-2103)
Szymon Zygmunt and Michał Bartoszkiewicz discovered a memory alignment
error in the Gadu library, which was fixed in USN-162-1. However, it
was discovered that Gaim contain
Ubuntu
ekg and Gadu library vulnerabilities
vendor_ubuntu·2005-08-09
CVE-2005-1850 ekg and Gadu library vulnerabilities
Marcin Owsiany and Wojtek Kaniewski discovered that some contributed
scripts (contrib/ekgh, contrib/ekgnv.sh, and contrib/getekg.sh) in the
ekg package created temporary files in an insecure way, which allowed
exploitation of a race condition to create or overwrite files with the
privileges of the user invoking the script. (CAN-2005-1850)
Marcin Owsiany and Wojtek Kaniewski discovered a shell command
injection vulnerability in a contributed utility
(contrib/scripts/ekgbot-pre1.py). By sending specially crafted content
to the bot, an attacker could exploit this to execute arbitrary code
with the privileges of the user running ekgbot. (CAN-2005-1851)
Marcin Ślusarz discovered an integer overflow in
Red Hat
security flaw
vendor_redhat·2005-07-21·CVSS 5.0
CVE-2005-2370 [MEDIUM] security flaw
Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
GHSA
GHSA-qj76-x84q-4mvg: Multiple "memory alignment errors" in libgadu, as used in ekg before 1
ghsa_unreviewed·2022-05-01
CVE-2005-2370 [MEDIUM] GHSA-qj76-x84q-4mvg: Multiple "memory alignment errors" in libgadu, as used in ekg before 1
Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
No detection rules found.
No public exploits indexed.
References
http://gaim.sourceforge.net/security/index.php?id=20
http://marc.info/?l=bugtraq&m=112198499417250&w=2
http://secunia.com/advisories/16265
http://www.debian.org/security/2005/dsa-813
http://www.debian.org/security/2007/dsa-1318
http://www.redhat.com/support/errata/RHSA-2005-627.html
http://www.securityfocus.com/archive/1/426078/100/0/threaded
http://www.securityfocus.com/bid/24600
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10456