509 matches found
UBUNTU-CVE-2017-5668
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2017-5668
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2017-5668
CVE-2017-5668 affects bitlbee-libpurple before 3.5.1. A remote attacker can trigger a denial of service (NULL pointer dereference/crash) and possibly execute arbitrary code via a file transfer request for a contact not in the list, due to an incomplete fix for CVE-2016-10189. Public advisories/de...
CVE-2017-5668
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2016-10188
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service crash or possibly execute arbitrary code by causing a file transfer connection to expire...
CVE-2016-10188
The CVE CVE-2016-10188 affects bitlbee-libpurple prior to 3.5. A use-after-free vulnerability allows a remote attacker to cause a denial of service (crash) or potentially execute arbitrary code by causing a file transfer connection to expire. Public advisories and vulnerability records confirm th...
CVE-2016-10188
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service crash or possibly execute arbitrary code by causing a file transfer connection to expire...
Debian DLA-832-1 : bitlbee security update
CVE-2017-5668 Fix for incomplete fix for 'NULL pointer dereference with file transfer request from unknown contacts'. Though this package wasn't in Wheezy with this issue, I mention it here. The fix was done with the second patch for CVE-2016-10189 CVE-2016-10189 NULL pointer dereference with fil...
[SECURITY] [DLA 832-1] bitlbee security update
Package : bitlbee Version : 3.0.5-1.2+deb7u1 CVE ID : CVE-2016-10188 CVE-2016-10189 CVE-2017-5668 CVE-2017-5668 Fix for incomplete fix for "Null pointer dereference with file transfer request from unknown contacts". Though this package wasnt in Wheezy with this issue, I mention it here. The fix w...
bitlbee-libpurple Denial of Service Vulnerability
bitlbee is an irc server. libpurple is one of the libraries used to develop IM instant messaging programs. A denial of service vulnerability exists in bitlbee-libpurple. An attacker can exploit this vulnerability to cause a denial of service...
The vulnerability of the Pidgin instant messaging system allows a remote attacker to trigger a service denial.
The Pidgin software contains a vulnerability in the sub-component libpurple. Exploiting this vulnerability allows a remote attacker to trigger a denial-of-service attack by manipulating HTTP headers...
libpurple: multiple issues
CVE-2016-2365 denial of service Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. - CVE-2016-2366 denial of service Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. - CVE-2016-2367 information...
CVE-2007-4999
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service NULL dereference and application crash via a message that contains invalid HTML data, a different vector than CVE-2007-4996...
CVE-2009-3084
The msnslpprocessmsg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service application crash via a handwritten aka Ink message, related to an uninitialized variabl...
Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability
Talos Vulnerability Report VRT-2014-0201 Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability May 11, 2015 Description A exploitable denial of service vulnerability exists in Pidgin’s implem ntation of the MSN Messenger protocol in the libpurple library. An attack...
Pidgin libpurple STUN Response Length NULL Write Vulnerability
Talos Vulnerability Report VRT-2014-0202 Pidgin libpurple STUN Response Length NULL Write Vulnerability May 11, 2015 Description A exploitable NULL write vulnerability exists in Pidgin’s implementation of the STUN protocol in the libpurple library. An attacker who can control the response to a ST...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libpurple-dev package of the Debian GNU/Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
The vulnerability of the libpurple-2.6.3 package in the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
The vulnerability of the libpurple-devel-2.6.3 package in the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
The vulnerability of the libpurple-tcl-2.6.3 package on the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...