CVE: CVE-2004-0005 - CVE-Search

CVE Details for CVE: CVE-2004-0005

Summary

Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.

Timestamps
Last major update	11-07-2017 - 01:29
Published	03-03-2004 - 05:00
Last modified	11-07-2017 - 01:29

References

Vulnerable Configurations

cpe:2.3:a:rob_flynn:gaim:0.75:*:*:*:*:*:*:*
cpe:2.3:a:rob_flynn:gaim:0.75:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20040126 Advisory 01/2004: 12 x Gaim remote overflows
cert-vn	VU#190366 VU#226974 VU#404470 VU#655974
conectiva	CLA-2004:813
debian	DSA-434
fulldisc	20040126 Advisory 01/2004: 12 x Gaim remote overflows
gentoo	GLSA-200401-04
misc	http://security.e-matters.de/advisories/012004.html
osvdb	3736
sectrack	1008850
slackware	SSA:2004-026
suse	SuSE-SA:2004:004
xf	gaim-mime-decoder-bo(14942) gaim-mime-decoder-oob(14944) gaim-sscanf-oob(14938) gaim-yahoodecode-offbyone-bo(14935)