CVE-2008-4776
ekg - denial of service
EPSS 0.59%
Description
libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.
How to fix CVE-2008-4776
To remediate CVE-2008-4776, upgrade each affected package to its fixed version listed below.
- Debian/ekg—upgrade to 1:1.7~rc2-1etch2 or later
- Debian/libgadu—upgrade to 1:1.8.0+r592-3 or later
Is CVE-2008-4776 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/ekg: from 0, < 1:1.7~rc2-1etch2
- Debian/libgadu: from 0, < 1:1.8.0+r592-3