bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
Max CVSS
9.8
EPSS Score
3.16%
Published
2017-03-14
Updated
2017-03-16
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
Max CVSS
7.5
EPSS Score
5.20%
Published
2017-03-14
Updated
2017-11-04
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
Max CVSS
9.8
EPSS Score
0.70%
Published
2017-03-14
Updated
2017-11-04
Bitlbee does not drop extra group privileges correctly in unix.c
Max CVSS
9.8
EPSS Score
0.51%
Published
2019-10-29
Updated
2019-10-31
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
Max CVSS
5.0
EPSS Score
0.66%
Published
2008-09-11
Updated
2020-07-14
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.42%
Published
2008-09-04
Updated
2017-08-08
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!