| Severity |
|
| Remote |
|
| Type |
|
| Description |
Receiving a file transfer request from a contact not in the contact list results in a null pointer dereference, leading to remote DoS by malicious remote clients. Additionally, due to an incomplete fix of the issue above in BitlBee 3.5, the bitlbee-libpurple variant is still affected in 3.5. |
|
| References |
http://marc.info/?l=oss-security&m=148580159532168&w=2
https://bugs.bitlbee.org/ticket/1282
|
| Notes |
This results in denial of service (remote crash of the BitlBee instance). Remote code execution does not seem to be possible (fixed offset).

For BitlBee servers configured in ForkDaemon mode (default) or inetd mode, the crash is limited to one user connection, who may just reconnect.
|