Kaspersky LabKLA10171KLA10171 Multiple vulnerabilities in Gadu-Gadu
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.3 High
AI Score
Confidence
Low
0.047 Low
EPSS
Percentile
92.7%
Multiple serious vulnerabilities have been found in Gadu-Gadu. Malicious can use these vulnerabilities to obtain sensitive information or cause denial of service Below is a complete list of vulnerabilities
- Vectors related to Easycall can be exploited remotely via outgoing calls;
- A buffer overflow can be exploited remotely via a specially designed image filename;
- Vectors related to unknown activities can be exploited remotely via a specially designed web page;
- Vectors related to unknown activities can be exploited remotely via specially designed DCC packets;
- Improper device name handling can be exploited remotely via a specially designed filename.
Original advisories
Related products
CVE list
CVE-2005-3887 high
CVE-2005-3889 critical
CVE-2005-3888 critical
CVE-2005-3891 critical
CVE-2005-3890 critical
CVE-2005-3892 critical
Solution
Update to latest version
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Gadu-Gadu version 7.20
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.3 High
AI Score
Confidence
Low
0.047 Low
EPSS
Percentile
92.7%