Gadu-gadu » Gadu-gadu Instant Messenger : Security Vulnerabilities, CVEs, Published In 2007 (Denial of service) CVSS score >= 4
Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.
Max CVSS
4.3
EPSS Score
3.15%
Published
2007-12-17
Updated
2018-10-15
Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol.
Max CVSS
4.3
EPSS Score
0.08%
Published
2007-12-17
Updated
2018-10-15
The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic.
Max CVSS
4.3
EPSS Score
0.26%
Published
2007-12-17
Updated
2018-10-15
3 vulnerabilities found