Vulnerability Name:

CVE-2008-4776 (CCN-46158)

Assigned: 2008-10-28
Published: 2008-10-28
Updated: 2017-08-08
Summary: libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2008-4776

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:023

Source: MLIST
Type: UNKNOWN
[libgadu-devel] 20081024 libgadu 1.8.2

Source: CCN
Type: libgadu Web page
libgadu 1.8.2

Source: DEBIAN
Type: UNKNOWN
DSA-1664

Source: DEBIAN
Type: DSA-1664
ekg -- missing input sanitising

Source: CCN
Type: OSVDB ID: 50042
libgadu Contact Description Handling Remote DoS

Source: BID
Type: UNKNOWN
31951

Source: CCN
Type: BID-31951
libgadu Contact Description Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-692-1
Gadu vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-692-1

Source: CCN
Type: Red Hat Bugzilla Bug 468830
libgadu: contact description buffer overrun vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=468830

Source: XF
Type: UNKNOWN
libgadu-contactdescription-bo(46158)

Source: SUSE
Type: SUSE-SR:2008:023
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:wojtek_kaniewsk:libgadu:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:wojtek_kaniewsk:libgadu:1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:wojtek_kaniewsk:libgadu:1.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:wojtek_kaniewsk:libgadu:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:wojtek_kaniewsk:libgadu:*:*:*:*:*:*:*:* (Version <= 1.8.1)

  • * Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20084776 | V | CVE-2008-4776 | 2022-06-30
oval:org.opensuse.security:def:112634 | P | libgadu-devel-1.12.2-2.11 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106115 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-01-04
oval:org.opensuse.security:def:33054 | P | Security update for speex (Moderate) | 2021-12-01
oval:org.opensuse.security:def:32185 | P | Security update for ghostscript (Critical) | 2021-09-21
oval:org.opensuse.security:def:32997 | P | Security update for xen (Important) | 2021-09-06
oval:org.opensuse.security:def:29413 | P | Security update for unrar (Moderate) | 2021-08-25
oval:org.opensuse.security:def:26073 | P | Security update for libjpeg-turbo (Moderate) | 2021-06-11
oval:org.opensuse.security:def:29377 | P | Security update for libX11 (Important) | 2021-06-08
oval:org.opensuse.security:def:36448 | P | libgadu-1.8.2-1.24.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:33103 | P | Security update for ovmf (Moderate) | 2021-03-29
oval:org.opensuse.security:def:28957 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) | 2021-03-17
oval:org.opensuse.security:def:32278 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-03-17
oval:org.opensuse.security:def:26201 | P | Security update for java-1_8_0-ibm (Important) | 2021-02-26
oval:org.opensuse.security:def:32841 | P | Security update for xen (Moderate) | 2020-12-29
oval:org.opensuse.security:def:33886 | P | Security update for cyrus-sasl (Important) | 2020-12-28
oval:org.opensuse.security:def:28031 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:32634 | P | apache2-mod_perl on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32379 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28538 | P | Security update for coreutils | 2020-12-01
oval:org.opensuse.security:def:33426 | P | Security update for bzip2 | 2020-12-01
oval:org.opensuse.security:def:28368 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32754 | P | ntp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28739 | P | Security update for PostgreSQL 9.1 | 2020-12-01
oval:org.opensuse.security:def:28664 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:33142 | P | libcap-progs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29060 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:31977 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:26627 | P | perl-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29834 | P | Security update for kdenetwork | 2020-12-01
oval:org.opensuse.security:def:27956 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32422 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27411 | P | glib2-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28302 | P | Security update for libtasn1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32744 | P | logwatch on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32603 | P | squid on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28679 | P | Security update for flac | 2020-12-01
oval:org.opensuse.security:def:28448 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:26009 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33847 | P | Security update for okular | 2020-12-01
oval:org.opensuse.security:def:31965 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26423 | P | Security update for opencv (Important) | 2020-12-01
oval:org.opensuse.security:def:29160 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26729 | P | krb5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28161 | P | Security update for kernel-source (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32683 | P | hplip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32390 | P | Security update for tomcat6 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28591 | P | Security update for OpenSSH | 2020-12-01
oval:org.opensuse.security:def:33465 | P | Security update for kdenetwork | 2020-12-01
oval:org.opensuse.security:def:28369 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25997 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:28721 | P | Security update for kdirstat | 2020-12-01
oval:org.opensuse.security:def:33165 | P | libneon27 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26282 | P | Security update for libproxy (Important) | 2020-12-01
oval:org.opensuse.security:def:29099 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:32051 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:26676 | P | cifs-utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27967 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32578 | P | mono-core on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27446 | P | libgadu on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32378 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28386 | P | Security update for rubygem-mail-2_4 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32788 | P | star on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32697 | P | kvm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28695 | P | Security update for gimp | 2020-12-01
oval:org.opensuse.security:def:28579 | P | Security update for poppler | 2020-12-01
oval:org.opensuse.security:def:29011 | P | Security update for graphviz (Low) | 2020-12-01
oval:org.opensuse.security:def:31966 | P | Security update for icu (Important) | 2020-12-01
oval:org.opensuse.security:def:26574 | P | krb5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29798 | P | Security update for icu | 2020-12-01
oval:org.opensuse.security:def:27955 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:32335 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:26773 | P | libxcrypt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28245 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32722 | P | libopensc2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32468 | P | Security update for xorg-x11-libs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28640 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:28380 | P | Security update for rubygem-actionpack-3_2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25998 | P | Security update for libreoffice (Important) | 2020-12-01
oval:org.opensuse.security:def:28805 | P | Security update for orca (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33209 | P | mutt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26339 | P | Security update for openjpeg2 (Important) | 2020-12-01
oval:org.opensuse.security:def:29116 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:26715 | P | gtk2 on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:7621 | P | DSA-1664 ekg -- missing input sanitising | 2015-02-23
oval:org.mitre.oval:def:17899 | P | USN-692-1 -- ekg, libgadu vulnerability | 2014-06-30
oval:org.mitre.oval:def:18513 | P | DSA-1664-1 ekg - denial of service | 2014-06-23
oval:org.debian:def:1664 | V | missing input sanitising | 2008-11-10
    wojtek_kaniewsk libgadu 1.7.0
    wojtek_kaniewsk libgadu 1.7.1
    wojtek_kaniewsk libgadu 1.7.2
    wojtek_kaniewsk libgadu 1.8.0
    wojtek_kaniewsk libgadu *