FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gaim -- remote crash on some protocols

Affected packages
gaim < 1.3.0
ja-gaim < 1.3.0
ko-gaim < 1.3.0
ru-gaim < 1.3.0

Details

VuXML ID 889061af-c427-11d9-ac59-02061b08fc24
Discovery 2005-05-10
Entry 2005-05-14

The GAIM team reports that GAIM is vulnerable to a denial-of-service vulnerability which can cause GAIM to crash:

It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber are SILC are known to be vulnerable.

References

CVE Name CVE-2005-1261
URL http://gaim.sourceforge.net/security/index.php?id=16