Bitlbee: Security Vulnerabilities, CVEs, CVSS score >= 8
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
Max CVSS: 9.8; EPSS Score: 3.16%; Published: 2017-03-14; Updated: 2017-03-16
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
Max CVSS: 9.8; EPSS Score: 0.70%; Published: 2017-03-14; Updated: 2017-11-04
Bitlbee does not drop extra group privileges correctly in unix.c.
Max CVSS: 9.8; EPSS Score: 0.51%; Published: 2019-10-29; Updated: 2019-10-31
3 vulnerabilities found