CyberSec.Space Logo
Back to CVE Browser

CVE-2005-2103

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile2.29th
PublishedAug 16, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.

Affected Platforms (CPE)

πŸ“¦
Gaim Project

Gaim

< 1.5.0

References & Advisories

πŸ”— http://gaim.sourceforge.net/security/?id=22
πŸ”— http://www.novell.com/linux/security/advisories/2005_19_sr.html
πŸ”— http://www.redhat.com/support/errata/RHSA-2005-589.html
πŸ”— http://www.redhat.com/support/errata/RHSA-2005-627.html
πŸ”— http://www.securityfocus.com/archive/1/426078/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/14531
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477
πŸ”— https://usn.ubuntu.com/168-1/

Related Vulnerabilities

CVE-2009-269410.0

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2...

CVE-2004-089110.0

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (applicati...

CVE-2000-117210.0

Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and pos...

CVE-2004-00059.8

Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via...