search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Gaim fails to properly validate the "name" parameter in the Yahoo login webpage

Vulnerability Note VU#371382

Original Release Date: 2004-05-06 | Last Revised: 2004-05-06


There is a buffer overflow vulnerability in the way the Gaim yahoo_login_page_hash() function parses the "name" parameter in the Yahoo login webpage.


Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger (YMSG) protocol. There is a buffer overflow vulnerability in the yahoo_login_page_hash() function of Gaim's YMSG protocol. When parsing the Yahoo login webpage, the yahoo_login_page_hash() function fails to perform adequate bounds checking on the value of the "name" parameter. Although the source of this value should originate from a site controlled by Yahoo, an attacker may use several techniques (DNS spoofing, man-in-the-middle, etc.) to modify the values returned to the victim.


An attacker with the ability to control the "name" parameter returned to the victim could execute arbitrary code with the privileges of the vulnerable process.



Upgrade to Gaim version 0.76 or later.

Vendor Information


Gaim Affected

Updated:  May 06, 2004



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


This vulnerability has been addressed in versions 0.76 and later.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was publicly reported by Stefan Esser of e-matters.

This document was written by Damon Morda.

Other Information

CVE IDs: CVE-2004-0006
Severity Metric: 6.56
Date Public: 2004-01-26
Date First Published: 2004-05-06
Date Last Updated: 2004-05-06 19:46 UTC
Document Revision: 15

Sponsored by CISA.