PT-2021-7306 · Gajim+1 · Gajim+1

Valdikss

Published

2021-10-10

Updated

2024-06-15

CVE-2021-41055

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Gajim versions 1.2.x through 1.3.2

Description The issue is related to insufficient input validation when checking message IDs in multi-user chat, specifically with the XEP-0308 Last Message Correction extension. This allows remote attackers to cause a denial of service (crash) via a crafted XMPP message where the message ID equals the correction ID.

Recommendations For Gajim versions 1.2.x through 1.3.2, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider disabling the XEP-0308 Last Message Correction extension in multi-user chat until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2021-3020

ALT-PU-2024-1161

BDU:2022-05556

CVE-2021-41055

DSA-5064-1

MGASA-2022-0179

OPENSUSE-SU-2024:11734-1

Affected Products

Alt Linux

Gajim

PT-2021-7306 · Gajim+1 · Gajim+1

CVE-2021-41055

Weakness Enumeration

Related Identifiers

Affected Products

References · 20