Gaim vulnerable to DoS via specially crafted HTML

2005-02-2800:00:00

www.kb.cert.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.078 Low

EPSS

Percentile

94.1%

JSON

Overview

Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition.

Description

From the Gaim project:

Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks

Gaim is susceptible to receiving a malformed HTML message which may result in an invalid memory access.

Impact

A remote attacker can cause Gaim to crash, causing a denial of service condition.

Solution

Apply an update
This flaw has been fixed in Gaim 1.1.4. All users may download an update at the Gaim Downloads page.

As a best practice and potential workaround, users should not accept unexpected messages from unknown sources.

Vendor Information

795812

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Gaim __ Affected

Updated: February 28, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Gaim project has issued a Gaim Vulnerability note regarding this flaw.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23795812 Feedback>).