CVE-2017-5668

Severity Medium
Remote Yes
Type Denial of service
Description
Receiving a file transfer request from a contact not in the contact list results in a null pointer dereference, leading to remote DoS by malicious remote clients. Additionally, due to an incomplete fix of the issue above in BitlBee 3.5, the bitlbee-libpurple variant is still affected in 3.5.
Group    Package  Affected  Fixed    Severity  Status        Ticket
AVG-160  bitlbee  3.5-1     3.5.1-1  Medium    Not affected
References
http://marc.info/?l=oss-security&m=148580159532168&w=2
https://bugs.bitlbee.org/ticket/1282
Notes
This results in denial of service (remote crash of the BitlBee
instance). Remote code execution does not seem to be possible (fixed
offset).

For BitlBee servers configured in ForkDaemon mode (default) or inetd
mode, the crash is limited to one user's connection, and that user may
just reconnect.