Vulnerabilities > CVE-2023-3434 - Unspecified vulnerability in Savoirfairelinux Jami 20222284

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

savoirfairelinux

NVD

Published: 2023-07-14

Updated: 2023-07-26

Summary

Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.

Vulnerable Configurations

Part	Description	Count
Application	Savoirfairelinux Savoirfairelinux Jami 20222284	1
OS	Microsoft Microsoft Windows -	1

References

https://review.jami.net/c/jami-client-qt/+/23569
https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10
https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities