Vulnerability Description
The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Talk | All versions |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038969.htmlVendor Advisory
- http://marc.info/?l=bugtraq&m=113278119300162&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23180
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038969.htmlVendor Advisory
- http://marc.info/?l=bugtraq&m=113278119300162&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23180
FAQ
What is CVE-2005-3899?
CVE-2005-3899 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be se...
How severe is CVE-2005-3899?
CVE-2005-3899 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3899?
Check the references section above for vendor advisories and patch information. Affected products include: Google Talk.