CVSS2: 10 (High)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.086 (Low), percentile 94.5%

Wojtek Kaniewski reports:

Multiple vulnerabilities have been found in libgadu, a library for handling the Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user-contributed scripts were found to behave in an insecure manner.

- integer overflow in libgadu (CVE-2005-1852) that could be triggered by an incoming message and lead to application crash and/or remote code execution
- insecure file creation (CVE-2005-1850) and shell command injection (CVE-2005-1851) in other user-contributed scripts (discovered by Marcin Owsiany and Wojtek Kaniewski)
- several signedness errors in libgadu that could be triggered by incoming network data or an application passing invalid user input to the library
- memory alignment errors in libgadu that could be triggered by an incoming message and lead to bus errors on architectures like SPARC
- endianness errors in libgadu that could cause invalid behaviour of applications on big-endian architectures

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | gaim | < 1.4.0_1 | UNKNOWN |
FreeBSD | any | noarch | ja-gaim | < 1.4.0_1 | UNKNOWN |
FreeBSD | any | noarch | ko-gaim | < 1.4.0_1 | UNKNOWN |
FreeBSD | any | noarch | ru-gaim | < 1.4.0_1 | UNKNOWN |
FreeBSD | any | noarch | kdenetwork | < 3.4.2 | UNKNOWN |
FreeBSD | any | noarch | pl-ekg | < 1.6r3,1 | UNKNOWN |
FreeBSD | any | noarch | centericq | < 4.21.0_1 | UNKNOWN |