bitlbee-libpurple prior to 3.5.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bitlbee bitlbee |
||
bitlbee bitlbee-libpurple |