Bitlbee : Security vulnerabilities, CVEs Denial of service

Copy

CVE-2017-5668

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.

Max CVSS

9.8

EPSS Score

3.16%

Published

2017-03-14

Updated

2017-03-16

CVE-2016-10189

BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.

Max CVSS

7.5

EPSS Score

5.20%

Published

2017-03-14

Updated

2017-11-04

CVE-2016-10188

Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.

Max CVSS

9.8

EPSS Score

0.70%

Published

2017-03-14

Updated

2017-11-04

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!