QwikSec

Security Database

CVE

CWE

Training

CVE-2005-0966

Published: Apr 4, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MANDRAKE

vendor-advisory

x_refsource_FEDORA

oval:org.mitre.oval:def:9185

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

gaim-ircmsginvite-dos(19939)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

http://gaim.sourceforge.net/security/index.php?id=14

x_refsource_CONFIRM

gaim-irc-plugin-bo(19937)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_REDHAT

20050401 multiple remote denial of service vulnerabilities in Gaim

mailing-list

x_refsource_BUGTRAQ

http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750

x_refsource_CONFIRM

SUSE-SA:2005:036

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.