CVE-2004-1676 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gadu-gadu	Gadu-gadu Instant Messenger

Configuration 1 [-]

OR	cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:6.0:::::::*
	cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:6.0_build149:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=109508834910733&w=2
http://secunia.com/advisories/12510
http://www.securityfocus.com/bid/11158
https://exchange.xforce.ibmcloud.com/vulnerabilities/17324

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-20T05:00:00

Updated: 2024-08-08T01:00:37.216Z

Reserved: 2005-02-21T00:00:00

Link: CVE-2004-1676

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-09-12T04:00:00.000

Modified: 2024-11-20T23:51:28.490

Link: CVE-2004-1676

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "11158", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11158"}, {"name": "20040912 Gadu-Gadu (all versions with image-send feature) Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109508834910733&w=2"}, {"name": "12510", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12510"}, {"name": "gadu-gadu-image-bo(17324)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17324"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1676", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "11158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11158"}, {"name": "20040912 Gadu-Gadu (all versions with image-send feature) Heap Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109508834910733&w=2"}, {"name": "12510", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12510"}, {"name": "gadu-gadu-image-bo(17324)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17324"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:00:37.216Z"}, "title": "CVE Program Container", "references": [{"name": "11158", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11158"}, {"name": "20040912 Gadu-Gadu (all versions with image-send feature) Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=109508834910733&w=2"}, {"name": "12510", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/12510"}, {"name": "gadu-gadu-image-bo(17324)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17324"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1676", "datePublished": "2005-02-20T05:00:00", "dateReserved": "2005-02-21T00:00:00", "dateUpdated": "2024-08-08T01:00:37.216Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62C53DCD-9F92-4DBB-860E-9148B0F62696", "vulnerable": true}, {"criteria": "cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:6.0_build149:*:*:*:*:*:*:*", "matchCriteriaId": "47FF1D1D-473E-41DC-86E9-9DD8D7B969CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message."}], "id": "CVE-2004-1676", "lastModified": "2024-11-20T23:51:28.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-09-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109508834910733&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/12510"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11158"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=109508834910733&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/12510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17324"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}