Vulnerability CVE-2008-4776

Vulnerability Name:

CVE-2008-4776 (CCN-46158)

Assigned:

2008-10-28

Published:

2008-10-28

Updated:

2017-08-08

Summary:

libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-4776

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:023

Source: MLIST
Type: UNKNOWN
[libgadu-devel] 20081024 libgadu 1.8.2

Source: CCN
Type: libgadu Web page
libgadu 1.8.2

Source: DEBIAN
Type: UNKNOWN
DSA-1664

Source: DEBIAN
Type: DSA-1664
ekg -- missing input sanitising

Source: CCN
Type: OSVDB ID: 50042
libgadu Contact Description Handling Remote DoS

Source: BID
Type: UNKNOWN
31951

Source: CCN
Type: BID-31951
libgadu Contact Description Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-692-1
Gadu vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-692-1

Source: CCN
Type: Red Hat Bugzilla Bug 468830
libgadu: contact description buffer overrun vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=468830

Source: XF
Type: UNKNOWN
libgadu-contactdescription-bo(46158)

Source: XF
Type: UNKNOWN
libgadu-contactdescription-bo(46158)

Source: SUSE
Type: SUSE-SR:2008:023
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:wojtek_kaniewsk:libgadu:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:wojtek_kaniewsk:libgadu:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:wojtek_kaniewsk:libgadu:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:wojtek_kaniewsk:libgadu:1.8.0:*:*:*:*:*:*:*

OR cpe:/a:wojtek_kaniewsk:libgadu:*:*:*:*:*:*:*:* (Version <= 1.8.1)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20084776	V	CVE-2008-4776	2022-06-30
oval:org.opensuse.security:def:112634	P	libgadu-devel-1.12.2-2.11 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106115	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:33054	P	Security update for speex (Moderate)	2021-12-01
oval:org.opensuse.security:def:32185	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:32997	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:29413	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:26073	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:29377	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:36448	P	libgadu-1.8.2-1.24.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33103	P	Security update for ovmf (Moderate)	2021-03-29
oval:org.opensuse.security:def:28957	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:32278	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:26201	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:32841	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:33886	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:28031	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32634	P	apache2-mod_perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32379	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28538	P	Security update for coreutils	2020-12-01
oval:org.opensuse.security:def:33426	P	Security update for bzip2	2020-12-01
oval:org.opensuse.security:def:28368	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:32754	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28739	P	Security update for PostgreSQL 9.1	2020-12-01
oval:org.opensuse.security:def:28664	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:33142	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29060	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:31977	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26627	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29834	P	Security update for kdenetwork	2020-12-01
oval:org.opensuse.security:def:27956	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32422	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:27411	P	glib2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28302	P	Security update for libtasn1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32744	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32603	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28679	P	Security update for flac	2020-12-01
oval:org.opensuse.security:def:28448	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26009	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:33847	P	Security update for okular	2020-12-01
oval:org.opensuse.security:def:31965	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:26423	P	Security update for opencv (Important)	2020-12-01
oval:org.opensuse.security:def:29160	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26729	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28161	P	Security update for kernel-source (Moderate)	2020-12-01
oval:org.opensuse.security:def:32683	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32390	P	Security update for tomcat6 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28591	P	Security update for OpenSSH	2020-12-01
oval:org.opensuse.security:def:33465	P	Security update for kdenetwork	2020-12-01
oval:org.opensuse.security:def:28369	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25997	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28721	P	Security update for kdirstat	2020-12-01
oval:org.opensuse.security:def:33165	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26282	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:29099	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:32051	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26676	P	cifs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27967	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32578	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27446	P	libgadu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32378	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28386	P	Security update for rubygem-mail-2_4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32788	P	star on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32697	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28695	P	Security update for gimp	2020-12-01
oval:org.opensuse.security:def:28579	P	Security update for poppler	2020-12-01
oval:org.opensuse.security:def:29011	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:31966	P	Security update for icu (Important)	2020-12-01
oval:org.opensuse.security:def:26574	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29798	P	Security update for icu	2020-12-01
oval:org.opensuse.security:def:27955	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32335	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26773	P	libxcrypt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28245	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32722	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32468	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:28640	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:28380	P	Security update for rubygem-actionpack-3_2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25998	P	Security update for libreoffice (Important)	2020-12-01
oval:org.opensuse.security:def:28805	P	Security update for orca (Moderate)	2020-12-01
oval:org.opensuse.security:def:33209	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26339	P	Security update for openjpeg2 (Important)	2020-12-01
oval:org.opensuse.security:def:29116	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26715	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:7621	P	DSA-1664 ekg -- missing input sanitising	2015-02-23
oval:org.mitre.oval:def:17899	P	USN-692-1 -- ekg, libgadu vulnerability	2014-06-30
oval:org.mitre.oval:def:18513	P	DSA-1664-1 ekg - denial of service	2014-06-23
oval:org.debian:def:1664	V	missing input sanitising	2008-11-10

BACK