Description
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python-nbxmpp | fixed | 2.0.4-1 | | package |
| python-nbxmpp | not-affected | | buster | package |
| python-nbxmpp | not-affected | | stretch | package |
Notes
https://dev.gajim.org/gajim/gajim/-/issues/10638
https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f
The fix is in python-nbxmpp; gajim 1.3.3 bumps its dependency to the required nbxmpp version.
Related vulnerabilities
Vulnerability in the XEP-0308 Last Message Correction extension of the Gajim Jabber/XMPP client that allows an attacker to cause a denial of service