Search CVE reports
1 – 5 of 5 results
CVE-2022-33070
Medium prioritySome fixes available 7 of 66
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
9 affected packages
argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| argyll | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| libgadu | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libpg-query | Needs evaluation | Needs evaluation | — | — | — |
| libsignal-protocol-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| ocserv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pidgin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| protobuf-c | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| sudo | Not affected | Fixed | Not affected | Not affected | Not affected |
CVE-2013-4488
Low prioritylibgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.
1 affected packages
libgadu
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgadu | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2014-3775
Medium prioritySome fixes available 15 of 17
libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
2 affected packages
libgadu, pidgin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgadu | — | — | — | Not affected | Not affected |
| pidgin | — | — | — | Fixed | Fixed |
CVE-2013-6487
Medium prioritySome fixes available 6 of 8
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
2 affected packages
libgadu, pidgin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgadu | — | — | — | — | — |
| pidgin | — | — | — | — | — |
CVE-2008-4776
Low prioritySome fixes available 6 of 7
libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.
3 affected packages
ekg, kadu, libgadu
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ekg | — | — | — | — | — |
| kadu | — | — | — | — | — |
| libgadu | — | — | — | — | — |