CVE - CVE-2004-0005

CVE-ID
CVE-2004-0005	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows URL:http://marc.info/?l=bugtraq&m=107513690306318&w=2 CERT-VN:VU#190366 URL:http://www.kb.cert.org/vuls/id/190366 CERT-VN:VU#226974 URL:http://www.kb.cert.org/vuls/id/226974 CERT-VN:VU#404470 URL:http://www.kb.cert.org/vuls/id/404470 CERT-VN:VU#655974 URL:http://www.kb.cert.org/vuls/id/655974 CONECTIVA:CLA-2004:813 URL:~~http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813~~ (Obsolete source - check if archived by the Wayback Machine) DEBIAN:DSA-434 URL:http://www.debian.org/security/2004/dsa-434 FULLDISC:20040126 Advisory 01/2004: 12 x Gaim remote overflows URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html GENTOO:GLSA-200401-04 URL:https://security.gentoo.org/glsa/200401-04 MISC:http://security.e-matters.de/advisories/012004.html OSVDB:3736 URL:~~http://www.osvdb.org/3736~~ (Obsolete source) SECTRACK:1008850 URL:http://www.securitytracker.com/id?1008850 SLACKWARE:SSA:2004-026 URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158 SUSE:SuSE-SA:2004:004 URL:http://www.novell.com/linux/security/advisories/2004_04_gaim.html XF:gaim-mime-decoder-bo(14942) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14942 XF:gaim-mime-decoder-oob(14944) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14944 XF:gaim-sscanf-oob(14938) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14938 XF:gaim-yahoodecode-offbyone-bo(14935) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14935
Assigning CNA
MITRE Corporation
Date Record Created
20040105	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20071113)
Votes (Legacy)
ACCEPT(5) Armstrong, Baker, Cole, Cox, Green NOOP(2) Christey, Wall
Comments (Legacy)
Christey> CERT-VN:VU#404470 URL:http://www.kb.cert.org/vuls/id/404470 CERT-VN:VU#655974 URL:http://www.kb.cert.org/vuls/id/655974 CERT-VN:VU#226974 URL:http://www.kb.cert.org/vuls/id/226974 CERT-VN:VU#190366 URL:http://www.kb.cert.org/vuls/id/190366
Proposed (Legacy)
20040318
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)