Gaim Vulnerability
| Title | Remote crash on some protocols |
|---|
| Date | 10 May 2005 |
|---|
| CVE Name | CAN-2005-1261 |
|---|
| Discovered By | Stu Tomlinson |
|---|
| Summary | Specially crafted messages on certain protocols can cause a buffer overflow |
|---|
| Description | It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber are SILC are known to be vulnerable. |
|---|
| Fixed in Version | 1.3.0 |
|---|
| Fix | The URL parsing function was modified to not use a static buffer. |
|---|
Return to Index of Vulnerabilities
Gaim
