Vulnerability Description
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gaim-Encryption | Gaim-Encryption | 1.13 |
References
- http://marc.info/?l=bugtraq&m=105013281120352&w=2
- http://www.rapid7.com/advisories/R7-0013.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/7182PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=105013281120352&w=2
- http://www.rapid7.com/advisories/R7-0013.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/7182PatchVendor Advisory
FAQ
What is CVE-2003-0163?
CVE-2003-0163 is a vulnerability with a CVSS score of 5.0 (MEDIUM). decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negativ...
How severe is CVE-2003-0163?
CVE-2003-0163 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0163?
Check the references section above for vendor advisories and patch information. Affected products include: Gaim-Encryption Gaim-Encryption.