7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.212 Low
EPSS
Percentile
95.9%
The Gaim application is a multi-protocol instant messaging client.
A stack based buffer overflow bug was found in the way gaim processes a
message containing a URL. A remote attacker could send a carefully crafted
message resulting in the execution of arbitrary code on a victim’s machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1261 to this issue.
A bug in the way Gaim processes SNAC packets was discovered. It is possible
that a remote attacker could send a specially crafted SNAC packet to a Gaim
client, causing the client to stop responding. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0472
to this issue.
Users of Gaim are advised to upgrade to this updated package which contains
gaim version 0.59.9 with backported patches to correct these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 2 | i386 | gaim | < 0.59.9-4.el2 | gaim-0.59.9-4.el2.i386.rpm |
RedHat | 2 | ia64 | gaim | < 0.59.9-4.el2 | gaim-0.59.9-4.el2.ia64.rpm |