OpenCVE

Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
Rob Flynn	Gaim

Configuration 1 [-]

OR	cpe:2.3:a:rob_flynn:gaim:0.10:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.10.3:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.50:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.51:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.52:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.53:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.54:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.55:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.56:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.57:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.58:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.59:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.59.1:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.60:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.61:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.62:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.63:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.64:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.65:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.66:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.67:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.68:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.69:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.70:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.71:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.72:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.73:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.74:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.75:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.76:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.77:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.78:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.79:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.80:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.81:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.82:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.82.1:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.0.0:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.0.1:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.0.2:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.0.3:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.1.0:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.1.1:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.1.2:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.1.3:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.1.4:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.2.0:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.2.1:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
gaim	cpe:/o:redhat:enterprise_linux:3	RHSA-2005:429	2005-05-11T00:00:00Z
Red Hat Enterprise Linux 4
gaim	cpe:/o:redhat:enterprise_linux:4	RHSA-2005:429	2005-05-11T00:00:00Z
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2005:432	2005-05-11T00:00:00Z
Red Hat Enterprise Linux ES version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2005:432	2005-05-11T00:00:00Z
Red Hat Enterprise Linux WS version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2005:432	2005-05-11T00:00:00Z
Red Hat Linux Advanced Workstation 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2005:432	2005-05-11T00:00:00Z

References

Link	Providers
http://gaim.sourceforge.net/security/index.php?id=16
http://www.redhat.com/support/errata/RHSA-2005-429.html
http://www.redhat.com/support/errata/RHSA-2005-432.html
http://www.securityfocus.com/archive/1/426078/100/0/threaded
http://www.securityfocus.com/bid/13590
http://www.vupen.com/english/advisories/2005/0519
https://nvd.nist.gov/vuln/detail/CVE-2005-1261
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10725
https://www.cve.org/CVERecord?id=CVE-2005-1261

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2005-05-11T04:00:00

Updated: 2024-08-07T21:44:06.156Z

Reserved: 2005-04-25T00:00:00

Link: CVE-2005-1261

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-05-11T04:00:00.000

Modified: 2024-11-20T23:56:57.157

Link: CVE-2005-1261

Redhat

Severity : Critical

Publid Date: 2005-05-11T00:00:00Z

Links: CVE-2005-1261 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object