CVE-2017-5668
Severity | Medium |
Remote | Yes |
Type | Denial of service |
Description | Receiving a file transfer request from a contact not in the contact list results in a null pointer dereference, leading to remote DoS by malicious remote clients. Additionally, due to an incomplete fix of the issue above in BitlBee 3.5, the bitlbee-libpurple variant is still affected in 3.5. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-160 | bitlbee | 3.5-1 | 3.5.1-1 | Medium | Not affected | |
References |
---|
http://marc.info/?l=oss-security&m=148580159532168&w=2 |
https://bugs.bitlbee.org/ticket/1282 |
Notes |
---|
This results in denial of service (remote crash of the BitlBee instance). Remote code execution does not seem to be possible (fixed offset). For BitlBee servers configured in ForkDaemon mode (default) or inetd mode, the crash is limited to a single user's connection, and that user may simply reconnect. |