Upstream information
Description
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 6.4 |
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SA:2005:036, published Fri, 24 Jun 2005 12:01:00
- SUSE-SR:2005:017, published Wed, 13 Jul 2005 11:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 01:10:05 2013CVE page last modified: Wed Sep 25 11:10:19 2024