Vulnerability Description
Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename of exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the buffer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gadu-Gadu | Gadu-Gadu Instant Messenger | 7.20 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html (Vendor Advisory)
- http://marc.info/?l=bugtraq&m=113261573023912&w=2
- http://secunia.com/advisories/17597/ (Patch, Vendor Advisory)
- http://www.osvdb.org/21016
- http://www.securityfocus.com/bid/15520/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23149
FAQ
What is CVE-2005-3891?
CVE-2005-3891 is a vulnerability with a CVSS score of 7.8 (HIGH). Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename of exactly 192 to 200 characters, which does not account for the "...
How severe is CVE-2005-3891?
CVE-2005-3891 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-3891?
Check the references section above for vendor advisories and patch information. Affected products include: Gadu-Gadu Gadu-Gadu Instant Messenger.