decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and previous versions does not properly validate a message length parameter, which allows remote malicious users to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gaim-encryption gaim-encryption 1.14 |
||
gaim-encryption gaim-encryption 1.15 |
||
gaim-encryption gaim-encryption 1.13 |