Lucene search

Bitlbee Security Vulnerabilities

cve

CVE-2008-3920

Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.

6.3AI Score

0.015EPSS

2008-09-04 06:41 PM

cve

CVE-2008-3969

Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.

6.6AI Score

0.015EPSS

2008-09-11 01:13 AM

cve

CVE-2012-1187

Bitlbee does not drop extra group privileges correctly in unix.c

9.8CVSS

9.4AI Score

0.005EPSS

2019-10-29 07:15 PM

cve

CVE-2016-10188

Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.

9.8CVSS

9.7AI Score

0.007EPSS

2017-03-14 02:59 PM

cve

CVE-2016-10189

BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.

7.5CVSS

8.7AI Score

0.059EPSS

2017-03-14 02:59 PM

cve

CVE-2017-5668

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CV...

9.8CVSS

8.9AI Score

0.059EPSS

2017-03-14 02:59 PM