Lucene search

[email protected]CVE-2004-2529

HistoryOct 25, 2005 - 4:00 a.m.

CVE-2004-2529

2005-10-2504:00:00

[email protected]

web.nvd.nist.gov

gadu-gadu

remote attackers

bypass

image send

vulnerabilities

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.1%

JSON

Gadu-Gadu allows remote attackers to bypass the “image send” option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.

Affected configurations

NVD

Node

gadu-gadugadu-gadu_instant_messengerMatch6.0

gadu-gadugadu-gadu_instant_messengerMatch6.0_build149

gadu-gadugadu-gadu_instant_messengerMatch6.0_build150

gadu-gadugadu-gadu_instant_messengerMatch6.0_build151

gadu-gadugadu-gadu_instant_messengerMatch6.0_build152

gadu-gadugadu-gadu_instant_messengerMatch6.0_build153

gadu-gadugadu-gadu_instant_messengerMatch6.0_build154

CPENameOperatorVersion
gadu-gadu:gadu-gadu_instant_messengergadu-gadu gadu-gadu instant messengereq6.0
gadu-gadu:gadu-gadu_instant_messengergadu-gadu gadu-gadu instant messengereq6.0_build149
gadu-gadu:gadu-gadu_instant_messengergadu-gadu gadu-gadu instant messengereq6.0_build150
gadu-gadu:gadu-gadu_instant_messengergadu-gadu gadu-gadu instant messengereq6.0_build151
gadu-gadu:gadu-gadu_instant_messengergadu-gadu gadu-gadu instant messengereq6.0_build152
gadu-gadu:gadu-gadu_instant_messengergadu-gadu gadu-gadu instant messengereq6.0_build153
gadu-gadu:gadu-gadu_instant_messengergadu-gadu gadu-gadu instant messengereq6.0_build154

CPE	Name	Operator	Version
gadu-gadu:gadu-gadu_instant_messenger	gadu-gadu gadu-gadu instant messenger	eq	6.0
gadu-gadu:gadu-gadu_instant_messenger	gadu-gadu gadu-gadu instant messenger	eq	6.0_build149
gadu-gadu:gadu-gadu_instant_messenger	gadu-gadu gadu-gadu instant messenger	eq	6.0_build150
gadu-gadu:gadu-gadu_instant_messenger	gadu-gadu gadu-gadu instant messenger	eq	6.0_build151
gadu-gadu:gadu-gadu_instant_messenger	gadu-gadu gadu-gadu instant messenger	eq	6.0_build152
gadu-gadu:gadu-gadu_instant_messenger	gadu-gadu gadu-gadu instant messenger	eq	6.0_build153
gadu-gadu:gadu-gadu_instant_messenger	gadu-gadu gadu-gadu instant messenger	eq	6.0_build154

References

marc.info/?l=bugtraq&m=110295777306493&w=2

secunia.com/advisories/13450

www.man.poznan.pl/~security/gg-adv.txt

www.osvdb.org/12520

www.securityfocus.com/bid/11899

exchange.xforce.ibmcloud.com/vulnerabilities/18463

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.1%

JSON

Related for CVE-2004-2529

cvelist1 nvd1