Denial of Service Vulnerability in Google Talk
CVE-2005-3899

Currently unrated

Key Information:

Vendor: Google
Status: Talk
Vendor: CVE Published:; 29 November 2005

Summary

The automatic update feature in Google Talk is susceptible to a denial of service attack, where remote attackers can exploit DNS cache poisoning to trigger excessive CPU and memory consumption. By manipulating the update process to deliver large update files, attackers can cause a significant performance degradation during the signature verification step. This flaw poses risks to system stability, affecting users' ability to use the application normally.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23180

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=113278119300162&w=2

mailing-listx_refsource_BUGTRAQ

http://lists.grok.org.uk/pipermail/full-disclosure/2005-N...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Nov 29, 2005
Vulnerability Reserved
Nov 29, 2005