CVE-2007-4897

EPSS 10.9%

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/9241unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html http://marc.info/?l=full-disclosure&m=118959114522339&w=2 http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9 https://bugzilla.redhat.com/show_bug.cgi?id=292831 http://secunia.com/advisories/27127 http://secunia.com/advisories/27150 http://secunia.com/advisories/27518 http://secunia.com/advisories/28385 http://securityreason.com/securityalert/3138 https://exchange.xforce.ibmcloud.com/vulnerabilities/36568 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10928 http://www.mandriva.com/security/advisories?name=MDKSA-2007:206