cve-2005-0966-00

Summary Remote DoS on receiving certain messages over IRC
Date 2005-04-02
CVE Number CVE-2005-0966
Discovered By Jean-Yves Lefort
Fixed In Release 1.2.1

Description

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows:

  1. remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit,
  2. remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or
  3. malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

Mitigation

The IRC protocol plugin was modified to escape appropriate messages passed to the Gaim core.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site