Bug 1191561 (CVE-2021-41055) - VUL-1: CVE-2021-41055: gajim: remote DoS via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat
Summary: VUL-1: CVE-2021-41055: gajim: remote DoS via a crafted XMPP Last Message Corr...
Status: RESOLVED INVALID
Alias: CVE-2021-41055
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/312195/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-12 11:27 UTC by Thomas Leroy
Modified: 2024-05-15 16:40 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2021-10-12 11:27:52 UTC 
CVE-2021-41055

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of
service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in
multi-user chat, where the message ID equals the correction ID.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41055
http://www.cvedetails.com/cve/CVE-2021-41055/
https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3
https://dev.gajim.org/gajim/gajim/-/issues/10638
Comment 1 Thomas Leroy 2021-10-13 09:16:57 UTC 
Only Factory is affected.
Comment 2 Michael Vetter 2024-03-10 08:13:20 UTC 
Only Gajim 1.2.0 to 1.3.2 are affected.
In openSUSE_Backports_SLE-15-SP5_Update we have 1.1.3.
In Factory we have 1.8.4.

This can be closed.