Summary | Remote crash on some protocols |
---|---|
Date | 2005-05-10 |
CVE Number | CVE-2005-1261 |
Discovered By | Stu Tomlinson |
Fixed In Release | 1.3.0 |
It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber are SILC are known to be vulnerable.
The URL parsing function was modified to not use a static buffer.