Out-of-Bounds Affecting libgadu package, versions <1:1.8.0+r592-3


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

EPSS
0.22% (60th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIANUNSTABLE-LIBGADU-293866
  • published28 Oct 2008
  • disclosed28 Oct 2008

Introduced: 28 Oct 2008

CVE-2008-4776  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade Debian:unstable libgadu to version 1:1.8.0+r592-3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgadu package and not the libgadu package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.

CVSS Scores

version 3.1