VYPR
Critical severity9.8NVD Advisory· Published Mar 14, 2017· Updated Jun 17, 2026

CVE-2017-5668

CVE-2017-5668

Description

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Bitlbee/Bitlbee2 versions
    cpe:2.3:a:bitlbee:bitlbee:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bitlbee:bitlbee:*:*:*:*:*:*:*:*range: <=3.4.2
    • (no CPE)range: <3.5.1
  • cpe:2.3:a:bitlbee:bitlbee-libpurple:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bitlbee:bitlbee-libpurple:*:*:*:*:*:*:*:*range: <=3.5
    • (no CPE)range: <3.5.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.