First published: Tue Mar 14 2017(Updated: )
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
BitlBee | <=3.4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-10188 has a severity rating that could lead to denial of service or potential remote code execution.
To fix CVE-2016-10188, update Bitlbee to version 3.5 or later.
CVE-2016-10188 is caused by a use-after-free condition in the bitlbee-libpurple component during file transfer connections.
CVE-2016-10188 affects users of Bitlbee versions prior to 3.5.
The impacts of CVE-2016-10188 include application crashes and possible arbitrary code execution.