Описание
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:gaim-encryption:gaim-encryption:1.13:*:*:*:*:*:*:*
cpe:2.3:a:gaim-encryption:gaim-encryption:1.14:*:*:*:*:*:*:*
cpe:2.3:a:gaim-encryption:gaim-encryption:1.15:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00398
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 22 лет назад
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...
github
около 3 лет назад
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
EPSS
Процентиль: 60%
0.00398
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other