OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

gaim -- multiple vulnerabilities

Affected packages
gaim < 1.3.0

Details

VuXML ID d9ee77da-c3f0-11d9-b2f0-00065bd5b0b6
Discovery 2005-05-10
Entry 2005-05-13

It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber and SILC are known to be vulnerable.

A potential remote denial of service bug results from not checking a pointer for non-NULL before passing it to strncmp, which causes a crash. This can be triggered by a remote client sending an SLP message with an empty body.
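
The two bug classes described above, shown as an added C example with each unchecked pattern beside its checked form. This is not Gaim's source code: the function names and the use of memcpy for the copy are assumptions for illustration, and only the 8192-byte static buffer and the strncmp call come from the advisory text.

```c
#include <stddef.h>
#include <string.h>

#define URL_BUF_SIZE 8192            /* buffer size quoted in the advisory */

static char url_buf[URL_BUF_SIZE];   /* static buffer, as the advisory describes */

/* Unchecked pattern (hypothetical): nothing compares len with the buffer
 * size, so a URL longer than 8192 bytes writes past the end of url_buf. */
const char *store_url_unsafe(const char *url, size_t len)
{
    memcpy(url_buf, url, len);
    url_buf[len] = '\0';
    return url_buf;
}

/* Checked form: refuse any URL that does not fit together with its
 * terminating NUL, instead of truncating or overflowing. */
const char *store_url_checked(const char *url, size_t len)
{
    if (url == NULL || len >= sizeof(url_buf))
        return NULL;
    memcpy(url_buf, url, len);
    url_buf[len] = '\0';
    return url_buf;
}

/* Unchecked pattern (hypothetical): body is NULL when the message body is
 * empty, and strncmp dereferences it, which crashes the client. */
int body_has_prefix_unsafe(const char *body, const char *prefix)
{
    return strncmp(body, prefix, strlen(prefix)) == 0;
}

/* Checked form: a missing body is treated as "no match". */
int body_has_prefix_checked(const char *body, const char *prefix)
{
    if (body == NULL || prefix == NULL)
        return 0;
    return strncmp(body, prefix, strlen(prefix)) == 0;
}
```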

References

CVE Name CAN-2005-1261
CVE Name CAN-2005-1262
URL http://gaim.sourceforge.net/security/index.php?id=16
URL http://gaim.sourceforge.net/security/index.php?id=17