Vulnerabilities > CVE-2023-3434 - Unspecified vulnerability in Savoirfairelinux Jami 20222284
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 |
References
- https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities
- https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities
- https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10
- https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10
- https://review.jami.net/c/jami-client-qt/+/23569
- https://review.jami.net/c/jami-client-qt/+/23569