FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gaim -- MSN denial-of-service vulnerabilities

Affected packages
gaim < 1.0.2
ja-gaim < 1.0.2
ko-gaim < 1.0.2
ru-gaim < 1.0.2
20030000 < gaim


VuXML ID f2d6a5e1-26b9-11d9-9289-000c41e2cdad
Discovery 2004-10-19
Entry 2004-10-25

The Gaim team discovered denial-of-service vulnerabilities in the MSN protocol handler:

After accepting a file transfer request, Gaim will attempt to allocate a buffer of a size equal to the entire filesize, this allocation attempt will cause Gaim to crash if the size exceeds the amount of available memory.

Gaim allocates a buffer for the payload of each message received based on the size field in the header of the message. A malicious peer could specify an invalid size that exceeds the amount of available memory.