6.4

CVE-2011-1000

jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreedesktopTelepathy Gabble Version0.11
FreedesktopTelepathy Gabble Version0.11.1
FreedesktopTelepathy Gabble Version0.11.2
FreedesktopTelepathy Gabble Version0.11.3
FreedesktopTelepathy Gabble Version0.11.4
FreedesktopTelepathy Gabble Version0.11.5
FreedesktopTelepathy Gabble Version0.11.6
FreedesktopTelepathy Gabble Version0.10
FreedesktopTelepathy Gabble Version0.10.1
FreedesktopTelepathy Gabble Version0.10.2
FreedesktopTelepathy Gabble Version0.10.3
FreedesktopTelepathy Gabble Version0.10.4
FreedesktopTelepathy Gabble Version0.8
FreedesktopTelepathy Gabble Version0.8.1
FreedesktopTelepathy Gabble Version0.8.2
FreedesktopTelepathy Gabble Version0.8.3
FreedesktopTelepathy Gabble Version0.8.4
FreedesktopTelepathy Gabble Version0.8.5
FreedesktopTelepathy Gabble Version0.8.6
FreedesktopTelepathy Gabble Version0.8.7
FreedesktopTelepathy Gabble Version0.8.8
FreedesktopTelepathy Gabble Version0.8.9
FreedesktopTelepathy Gabble Version0.8.10
FreedesktopTelepathy Gabble Version0.8.11
FreedesktopTelepathy Gabble Version0.8.12
FreedesktopTelepathy Gabble Version0.8.13
FreedesktopTelepathy Gabble Version0.8.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.9% 0.851
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html
http://secunia.com/advisories/43316
Vendor Advisory
http://secunia.com/advisories/43369
Vendor Advisory
http://secunia.com/advisories/43404
Vendor Advisory
http://secunia.com/advisories/43485
http://secunia.com/advisories/43545
http://secunia.com/advisories/44023
http://www.debian.org/security/2011/dsa-2169
http://www.openwall.com/lists/oss-security/2011/02/17/4
Patch
http://www.openwall.com/lists/oss-security/2011/02/17/7
Patch
http://www.securityfocus.com/bid/46440
http://www.ubuntu.com/usn/USN-1067-1
http://www.vupen.com/english/advisories/2011/0412
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0428
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0537
http://www.vupen.com/english/advisories/2011/0572
http://www.vupen.com/english/advisories/2011/0901
https://bugs.freedesktop.org/show_bug.cgi?id=34048
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65523
https://hermes.opensuse.org/messages/7848248