LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

gaim: buffer overflow, DoS

Package(s):gaim CVE #(s):CAN-2005-0965 CAN-2005-0966
Created:April 5, 2005 Updated:May 15, 2005
Description: Jean-Yves Lefort discovered a buffer overflow in the gaim_markup_strip_html() function. This caused Gaim to crash when receiving certain malformed HTML messages. (CAN-2005-0965)

Jean-Yves Lefort also noticed that many functions that handle IRC commands do not escape received HTML metacharacters; this allowed remote attackers to cause a Denial of Service by injecting arbitrary HTML code into the conversation window, popping up arbitrarily many empty dialog boxes, or even causing Gaim to crash. (CAN-2005-0966)

Alerts:
Slackware SSA:2005-133-01 2005-05-15
Conectiva CLA-2005:949 2005-04-27
Slackware SSA:2005-111-03 2005-04-22
Mandriva MDKSA-2005:071 2005-04-13
Red Hat RHSA-2005:365-01 2005-04-12
Gentoo 200504-05 2005-04-06
Fedora FEDORA-2005-299 2005-04-05
Fedora FEDORA-2005-298 2005-04-05
Ubuntu USN-106-1 2005-04-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds