Vulnerability Description
libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wojtek Kaniewski | Libgadu | <= 1.8.1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
- http://lists.ziew.org/pipermail/libgadu-devel/2008-October/000331.html
- http://www.debian.org/security/2008/dsa-1664
- http://www.securityfocus.com/bid/31951
- http://www.ubuntu.com/usn/usn-692-1
- https://bugzilla.redhat.com/show_bug.cgi?id=468830
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46158
FAQ
What is CVE-2008-4776?
CVE-2008-4776 is a vulnerability with a CVSS score of 4.3 (MEDIUM). libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.
How severe is CVE-2008-4776?
CVE-2008-4776 is rated MEDIUM, with a CVSS base score of 4.3/10.
Is there a patch for CVE-2008-4776?
Check the references section above for vendor advisories and patch information. Affected products include: Wojtek Kaniewski Libgadu.