2 matches found
CVE-2017-5668
CVE-2017-5668 affects bitlbee-libpurple before 3.5.1. A remote attacker can trigger a denial of service (NULL pointer dereference/crash) and possibly execute arbitrary code via a file transfer request for a contact not in the list, due to an incomplete fix for CVE-2016-10189. Public advisories/de...
CVE-2016-10189
CVE-2016-10189 affects BitlBee; prior to version 3.5, a remote attacker can trigger a NULL pointer dereference via a file transfer request for a contact not in the list, leading to a crash and possible arbitrary code execution. Public advisories (Debian DSA-3853/DSA-3853-1, Mageia MGASA-2017-0200...