VULHUB ™

It is reported that Trillian is susceptible to multiple remote HTTP response buffer overflow vulnerabilities. These issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it into fixed-sized memory buffers. It is reported that multiple Trillian modules likely share the same code for making HTTP requests, and therefore multiple modules are vulnerable to the same attack. Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients. Several of these vulnerabilities are reportedly fixed in version 3.0 of Trillian. Versions 3.0 and 3.1 remain affected by multiple issues in its Yahoo! component. Versions 2.0 up to, but not including 3.0 are reported to be affected in multiple components.

It is reported that Trillian is susceptible to multiple remote HTTP response buffer overflow vulnerabilities. These issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it into fixed-sized memory buffers. It is reported that multiple Trillian modules likely share the same code for making HTTP requests, and therefore multiple modules are vulnerable to the same attack. Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients. Several of these vulnerabilities are reportedly fixed in version 3.0 of Trillian. Versions 3.0 and 3.1 remain affected by multiple issues in its Yahoo! component. Versions 2.0 up to, but not including 3.0 are reported to be affected in multiple components.