CVE-2021-26917

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported awa...

CVE-2021-26917

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported awa...

Code injection

DISPUTED PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually...

CVE-2021-26917

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported awa...

CVE-2021-26917

PyBitmessage (versions up to 0.6.3.2) is affected by CVE-2021-26917. A crafted apinotifypath value can cause the application to write screen captures to potentially unwanted directories on the local host. The public descriptions note that there is no evidence these screen intercepts are transport...

PyBitmessage Security Vulnerability

PyBitmessage is an open source P2P communication protocol. It is used to send encrypted messages to other people or many subscribers. A security vulnerability exists in PyBitmessage version 0.6.3.2, which stems from a vulnerability that allows an attacker to write screenshots to potentially...

PT-2021-17174 · Unknown · Pybitmessage

Name of the Vulnerable Software and Affected Versions: PyBitmessage versions 0.6.3.2 and earlier Description: The issue allows attackers to write screen captures to potentially unwanted directories via a crafted apinotifypath value. It is noted that security mitigation may not be necessary as the...

Bitmessage PyBitmessage Code Execution Vulnerability

Bitmessage PyBitmessage is a cryptographic decentralized communication protocol. Bitmessage PyBitmessage version 0.6.2 and commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 and later have a vulnerability in the src/messagetypes/init.py file's ' constructObject' function has a security vulnerability...

Design/Logic Flaw

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains a Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

CVE-2018-1000070

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains a Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

CVE-2018-1000070

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains a Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

CVE-2018-1000070

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains a Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

CVE-2018-1000070

CVE-2018-1000070 relates to Bitmessage PyBitmessage. The connected CNVD/CNVD-2018-07896 and CNVD-derived entries confirm a vulnerability in the file src/messagetypes/init .py, in the function constructObject, within PyBitmessage v0.6.2 and later (introduced around commit 8ce72d8d...), that enable...

Hackers Exploiting 'Bitmessage' Zero-Day to Steal Bitcoin Wallet Keys

Bitmessage developers have warned of a critical 'remotely executable' zero-day vulnerability in the PyBitmessage application that was being exploited in the wild. Bitmessage is a Peer-to-Peer P2P communications protocol used to send encrypted messages to users. Since it is decentralized and...

bitmessage -- remote code execution vulnerability

Bitmessage developers report: A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. Will be updated if/when CVE will be available...