Gadu-Gadu: >> Gadu-Gadu Instant Messenger Security Vulnerabilities
Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-01-10
Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype.
CVSS Score
5.0
EPSS Score
0.002
Published
2005-01-10
Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename.
CVSS Score
10.0
EPSS Score
0.052
Published
2005-01-10
Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length.
CVSS Score
5.0
EPSS Score
0.007
Published
2005-01-10
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
CVSS Score
5.0
EPSS Score
0.01
Published
2004-12-31
Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.
CVSS Score
2.6
EPSS Score
0.058
Published
2004-12-31
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.
CVSS Score
4.3
EPSS Score
0.005
Published
2004-12-31
Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.
CVSS Score
2.6
EPSS Score
0.007
Published
2004-12-31
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.
CVSS Score
5.0
EPSS Score
0.008
Published
2004-12-31
Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message.
CVSS Score
7.5
EPSS Score
0.035
Published
2004-09-12