PT-2014-1790 · Gadu Gadu+2 · Libgadu+2

Published

2014-05-20

Updated

2016-12-22

CVE-2014-3775

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libgadu versions prior to 1.11.4 libgadu version 1.12.0 before 1.12.0-rc3

Description The issue allows remote Gadu-Gadu file relay servers to cause a denial of service or possibly execute arbitrary code via a crafted message. Multiple vulnerabilities in the libgadu package may lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For libgadu versions prior to 1.11.4, update to version 1.11.4 or later. For libgadu version 1.12.0 before 1.12.0-rc3, update to version 1.12.0-rc3 or later.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2014-1968

BDU:2015-04123

CVE-2014-3775

DSA-2935-1

MGASA-2014-0246

MGASA-2014-0295

OPENSUSE-SU-2024:10343-1

USN-2215-1

USN-2216-1

Affected Products

Alt Linux

Ubuntu

Libgadu

PT-2014-1790 · Gadu Gadu+2 · Libgadu+2

CVE-2014-3775

Weakness Enumeration

Related Identifiers

Affected Products

References · 38