First published: Tue Mar 14 2017(Updated: )
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bitlbee Bitlbee | <=3.4.2 | |
Bitlbee Bitlbee-libpurple | <=3.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.