CVE-2015-8688

MEDIUM

Gajim < 0.16.4 - Improper Input Validation

Title source: rule

Description

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.

References (6)

[Various Sources] http://gultsch.de/gajim_roster_push_and_message_interception.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html

[Mailing List] http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html

[Vendor Advisory] https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3492

Scores

CVSS v3 5.4

EPSS 0.0056

EPSS Percentile 67.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Classification

CWE

CWE-20

Status draft

Affected Products (1)

gajim/gajim < 0.16.4

Timeline

Published Jan 15, 2016

Tracked Since Feb 18, 2026