Lucene search

[email protected]CVE-2005-3891

HistoryNov 29, 2005 - 9:03 p.m.

CVE-2005-3891

2005-11-2921:03:00

[email protected]

web.nvd.nist.gov

cve-2005-3891

gadu-gadu

buffer overflow

denial of service

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.1 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.4%

JSON

Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache" string that is added to the end of the buffer.

Affected configurations

NVD

Node

gadu-gadugadu-gadu_instant_messengerMatch7.20

CPENameOperatorVersion
gadu-gadu:gadu-gadu_instant_messengergadu-gadu gadu-gadu instant messengereq7.20

CPE	Name	Operator	Version
gadu-gadu:gadu-gadu_instant_messenger	gadu-gadu gadu-gadu instant messenger	eq	7.20

References

archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html

marc.info/?l=bugtraq&m=113261573023912&w=2

secunia.com/advisories/17597/

www.osvdb.org/21016

www.securityfocus.com/bid/15520/

exchange.xforce.ibmcloud.com/vulnerabilities/23149

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.1 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.4%

JSON

Related for CVE-2005-3891

nvd1 cvelist1 kaspersky1