CVE-2005-2772

NameCVE-2005-2772
DescriptionMultiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-832-1
Debian Bugs327722

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gopher (PTS)buster3.0.16fixed
bullseye3.0.17.3fixed
bookworm, sid3.0.17.3+nmu1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gophersourcewoody3.0.3woody4DSA-832-1
gophersourcesarge3.0.7sarge2DSA-832-1
gophersource(unstable)3.0.11high327722

Search for package or bug name: Reporting problems