Gaim is a multi-protocol instant messenger available for a number of operating systems. It provides a feature that allows users to configure an HTTP proxy for connecting to the server. There is a buffer overflow vulnerability in the http_canread() function. When parsing data returned by the HTTP proxy server, the http_canread() function fails to perform adequate bounds checking on this data. Exploitation of this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code.
An unauthenticated, remote attacker could execute arbitrary code with the privileges of the vulnerable process.
Upgrade to Gaim version 0.76 or later.
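The bounds check whose absence is described above, shown as an added example of accumulating an HTTP proxy reply into a fixed buffer. This is not Gaim's code: the names reply_feed, reply_status and REPLY_CAP, the 8192-byte cap and the sample replies are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define REPLY_CAP 8192 /* assumed cap on a proxy reply header */
enum feed_result { FEED_MORE, FEED_DONE, FEED_TOO_LONG };
struct proxy_reply { char buf[REPLY_CAP]; size_t len; /* len < REPLY_CAP */ };

/* Append one chunk read from the proxy. The copy is clamped to the space left,
 * so a header that does not end within the cap is rejected, not written past. */
enum feed_result reply_feed(struct proxy_reply *r, const char *chunk, size_t n)
{
    size_t room = sizeof r->buf - 1 - r->len; /* keep one byte for '\0' */
    size_t take = n < room ? n : room;
    memcpy(r->buf + r->len, chunk, take);
    r->len += take;
    r->buf[r->len] = '\0';
    if (strstr(r->buf, "\r\n\r\n") != NULL)
        return FEED_DONE;
    return (take < n || r->len == sizeof r->buf - 1) ? FEED_TOO_LONG : FEED_MORE;
}

/* Status code of a completed reply, or -1 if the status line is malformed. */
int reply_status(const struct proxy_reply *r)
{
    int minor, code;
    if (sscanf(r->buf, "HTTP/1.%1d %3d", &minor, &code) != 2)
        return -1;
    return (code >= 100 && code <= 599) ? code : -1;
}

/* Constructed input: a well-formed reply arriving in two reads. */
int demo_split_reply(void)
{
    struct proxy_reply r = { {0}, 0 };
    const char *a = "HTTP/1.0 200 Connection est";
    const char *b = "ablished\r\nProxy-agent: demo\r\n\r\n";
    if (reply_feed(&r, a, strlen(a)) != FEED_MORE) return -1;
    if (reply_feed(&r, b, strlen(b)) != FEED_DONE) return -1;
    return reply_status(&r);
}

/* Constructed input: a reply whose header never ends within the cap. */
int demo_oversized(void)
{
    struct proxy_reply r = { {0}, 0 };
    int res;
    while ((res = reply_feed(&r, "AAAAAAAA", 8)) == FEED_MORE) { }
    return res;
}
int main(void) { printf("%d %d\n", demo_split_reply(), demo_oversized()); return 0; }
```

A caller that receives FEED_TOO_LONG should close the proxy connection rather than keep reading.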
Vendor | Status | Date Notified | Date Updated
Gaim | | - | 06 May 2004
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This vulnerability was publicly reported by Stefan Esser of e-matters.
This document was written by Damon Morda.