CVE-2004-0005
high-risk
Published 2004-03-03
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
Do I need to act?
!
22.3% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (36)
Broken Link
http://www.debian.org/security/2004/dsa-434
Third Party Advisory
http://www.kb.cert.org/vuls/id/190366
Third Party Advisory
http://www.kb.cert.org/vuls/id/226974
Third Party Advisory
http://www.kb.cert.org/vuls/id/404470
Third Party Advisory
http://www.kb.cert.org/vuls/id/655974
Broken Link
http://www.osvdb.org/3736
Broken Link
http://www.securitytracker.com/id?1008850
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/14935
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/14938
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/14942
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/14944
Third Party Advisory
https://security.gentoo.org/glsa/200401-04
and 16 more references
51
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
14/34 · Moderate
Exposure
5/34 · Minimal