bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBitlbee
APPBitlbee≤ 3.4.2Bitlbee Libpurple
APPBitlbee≤ 3.5
Powiązane podatności
Bitlbee does not drop extra group privileges correctly in unix.c
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of servic...
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) a...
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing ...
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack...