VDB
CVE-2004-0005
CVE-2004-0005
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
EPSS 22.28% · 95.9th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
22.28%
95.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| gaim_project | gaim | 0.75 |
Timeline
- Feb 3, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- 3736 vdb
- gaim-mime-decoder-oob(14944) vdb
- VU#226974 third-party-advisory
- DSA-434 vendor-advisory
- gaim-mime-decoder-bo(14942) vdb
- SuSE-SA:2004:004 vendor-advisory
- SSA:2004-026 vendor-advisory
- gaim-yahoodecode-offbyone-bo(14935) vdb
- 20040126 Advisory 01/2004: 12 x Gaim remote overflows mailing-list
- GLSA-200401-04 vendor-advisory
- 1008850 vdb
- http://security.e-matters.de/advisories/012004.html url
- 20040126 Advisory 01/2004: 12 x Gaim remote overflows mailing-list
- VU#655974 third-party-advisory
- VU#190366 third-party-advisory
- CLA-2004:813 vendor-advisory
- VU#404470 third-party-advisory
- gaim-sscanf-oob(14938) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2004-0005 advisory