ID CVE-2017-5668
Summary bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
References
Vulnerable Configurations
  • cpe:2.3:a:bitlbee:bitlbee:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.74a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.81:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.81a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.82:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.83:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.84:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.85:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.85a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.90a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.6a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee-libpurple:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-03-2017 - 01:59)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 95932
confirm
mlist
  • [oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee
  • [oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee
Last major update 16-03-2017 - 01:59
Published 14-03-2017 - 14:59
Last modified 16-03-2017 - 01:59