Gaim Vulnerability
| Title | Remote DoS on receiving certain messages over IRC |
|---|
| Date | 2 April 2005 |
|---|
| CVE Name | CAN-2005-0966 |
|---|
| Discovered By | Jean-Yves Lefort |
|---|
| Summary | Client crash and other strange behavior when receiving specific messages over IRC |
|---|
| Description | The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions. |
|---|
| Fixed in Version | 1.2.1 |
|---|
| Fix | The IRC protocol plugin was modified to escape appropriate messages passed to the Gaim core. |
|---|
Return to Index of Vulnerabilities
Gaim
