CVE-2005-2103

Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://gaim.sourceforge.net/security/?id=22	Broken Link
http://www.novell.com/linux/security/advisories/2005_19_sr.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-589.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-627.html	Broken Link
http://www.securityfocus.com/archive/1/426078/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14531	Broken Link Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477	Broken Link
https://usn.ubuntu.com/168-1/	Broken Link
http://gaim.sourceforge.net/security/?id=22	Broken Link
http://www.novell.com/linux/security/advisories/2005_19_sr.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-589.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-627.html	Broken Link
http://www.securityfocus.com/archive/1/426078/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14531	Broken Link Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477	Broken Link
https://usn.ubuntu.com/168-1/	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:gaim_project:gaim:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:58

Type	Values Removed	Values Added
References	~~() http://gaim.sourceforge.net/security/?id=22 - Broken Link~~	() http://gaim.sourceforge.net/security/?id=22 - Broken Link
References	~~() http://www.novell.com/linux/security/advisories/2005_19_sr.html - Broken Link~~	() http://www.novell.com/linux/security/advisories/2005_19_sr.html - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2005-589.html - Broken Link~~	() http://www.redhat.com/support/errata/RHSA-2005-589.html - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2005-627.html - Broken Link~~	() http://www.redhat.com/support/errata/RHSA-2005-627.html - Broken Link
References	~~() http://www.securityfocus.com/archive/1/426078/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/archive/1/426078/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/14531 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/14531 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477 - Broken Link~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477 - Broken Link
References	~~() https://usn.ubuntu.com/168-1/ - Broken Link~~	() https://usn.ubuntu.com/168-1/ - Broken Link

02 Feb 2024, 15:02

Type	Values Removed	Values Added
CVSS	v2 : ~~7.5~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
CWE	~~NVD-CWE-Other~~	CWE-131
First Time		Gaim Project gaim Gaim Project
CPE	cpe:2.3:a:rob_flynn:gaim:0.53:::::::* cpe:2.3:a:rob_flynn:gaim:0.80:::::::* cpe:2.3:a:rob_flynn:gaim:0.68:::::::* cpe:2.3:a:rob_flynn:gaim:0.78:::::::* cpe:2.3:a:rob_flynn:gaim:0.55:::::::* cpe:2.3:a:rob_flynn:gaim:0.57:::::::* cpe:2.3:a:rob_flynn:gaim:0.63:::::::* cpe:2.3:a:rob_flynn:gaim:0.79:::::::* cpe:2.3:a:rob_flynn:gaim:0.54:::::::* cpe:2.3:a:rob_flynn:gaim:1.2.0:::::::* cpe:2.3:a:rob_flynn:gaim:1.1.2:::::::* cpe:2.3:a:rob_flynn:gaim:1.4.0:::::::* cpe:2.3:a:rob_flynn:gaim:0.75:::::::* cpe:2.3:a:rob_flynn:gaim:0.82.1:::::::* cpe:2.3:a:rob_flynn:gaim:0.62:::::::* cpe:2.3:a:rob_flynn:gaim:0.71:::::::* cpe:2.3:a:rob_flynn:gaim:1.0.0:::::::* cpe:2.3:a:rob_flynn:gaim:1.1.4:::::::* cpe:2.3:a:rob_flynn:gaim:0.56:::::::* cpe:2.3:a:rob_flynn:gaim:1.0.2:::::::* cpe:2.3:a:rob_flynn:gaim:1.1.3:::::::* cpe:2.3:a:rob_flynn:gaim:0.77:::::::* cpe:2.3:a:rob_flynn:gaim:0.50:::::::* cpe:2.3:a:rob_flynn:gaim:0.72:::::::* cpe:2.3:a:rob_flynn:gaim:0.10.3:::::::* cpe:2.3:a:rob_flynn:gaim:0.51:::::::* cpe:2.3:a:rob_flynn:gaim:1.0.3:::::::* cpe:2.3:a:rob_flynn:gaim:0.58:::::::* cpe:2.3:a:rob_flynn:gaim:1.2.1:::::::* cpe:2.3:a:rob_flynn:gaim:0.59:::::::* cpe:2.3:a:rob_flynn:gaim:0.64:::::::* cpe:2.3:a:rob_flynn:gaim:0.76:::::::* cpe:2.3:a:rob_flynn:gaim:1.1.0:::::::* cpe:2.3:a:rob_flynn:gaim:0.66:::::::* cpe:2.3:a:rob_flynn:gaim:0.82:::::::* cpe:2.3:a:rob_flynn:gaim:1.3.0:::::::* cpe:2.3:a:rob_flynn:gaim:0.65:::::::* cpe:2.3:a:rob_flynn:gaim:0.61:::::::* cpe:2.3:a:rob_flynn:gaim:0.10:::::::* cpe:2.3:a:rob_flynn:gaim:0.59.1:::::::* cpe:2.3:a:rob_flynn:gaim:1.0:::::::* cpe:2.3:a:rob_flynn:gaim:0.69:::::::* cpe:2.3:a:rob_flynn:gaim:0.73:::::::* cpe:2.3:a:rob_flynn:gaim:1.3.1:::::::* cpe:2.3:a:rob_flynn:gaim:0.67:::::::* cpe:2.3:a:rob_flynn:gaim:0.70:::::::* cpe:2.3:a:rob_flynn:gaim:1.0.1:::::::* cpe:2.3:a:rob_flynn:gaim:1.1.1:::::::* cpe:2.3:a:rob_flynn:gaim:0.52:::::::* cpe:2.3:a:rob_flynn:gaim:0.74:::::::* cpe:2.3:a:rob_flynn:gaim:0.81:::::::* cpe:2.3:a:rob_flynn:gaim:0.60:::::::*	cpe:2.3:a:gaim_project:gaim::::::::
References	~~(UBUNTU) https://usn.ubuntu.com/168-1/ -~~	(UBUNTU) https://usn.ubuntu.com/168-1/ - Broken Link
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477 - Broken Link
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2005-589.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2005-589.html - Broken Link
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2005-627.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2005-627.html - Broken Link
References	~~(FEDORA) http://www.securityfocus.com/archive/1/426078/100/0/threaded -~~	(FEDORA) http://www.securityfocus.com/archive/1/426078/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~(SUSE) http://www.novell.com/linux/security/advisories/2005_19_sr.html -~~	(SUSE) http://www.novell.com/linux/security/advisories/2005_19_sr.html - Broken Link
References	~~(BID) http://www.securityfocus.com/bid/14531 -~~	(BID) http://www.securityfocus.com/bid/14531 - Broken Link, Third Party Advisory, VDB Entry
References	~~(CONFIRM) http://gaim.sourceforge.net/security/?id=22 -~~	(CONFIRM) http://gaim.sourceforge.net/security/?id=22 - Broken Link

Information

Published : 2005-08-16 04:00

Updated : 2024-11-20 23:58

NVD link : CVE-2005-2103

Mitre link : CVE-2005-2103

CVE.ORG link : CVE-2005-2103

JSON object : View

Products Affected

gaim_project

gaim

CWE

CWE-131

Incorrect Calculation of Buffer Size

9.8 /10