Vulnerabilities > CVE-2005-3899 - Denial-Of-Service vulnerability in Talk

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
high complexity
google

Summary

The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.

Vulnerable Configurations

Part Description Count
Application
Google
1