Vulnerability Description
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Savoirfairelinux | Jami | 20222284 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Han (Broken Link)
- https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-j (Release Notes)
- https://review.jami.net/c/jami-client-qt/+/23569 (Patch)
FAQ
What is CVE-2023-3434?
CVE-2023-3434 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value ...
How severe is CVE-2023-3434?
CVE-2023-3434 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-3434?
Check the references section above for vendor advisories and patch information. Affected products include: Savoirfairelinux Jami, Microsoft Windows.