{"id":"CVE-2016-10188","details":"Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.","modified":"2026-03-20T11:04:49.435334Z","published":"2017-03-14T14:59:00.340Z","related":["MGASA-2017-0200"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/95935"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3853"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/30/4"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/11"},{"type":"FIX","url":"https://bugs.bitlbee.org/ticket/1281"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bitlbee/bitlbee","events":[{"introduced":"0"},{"last_affected":"14f912d4c1e818d39234c874036e4fe60227d1dc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.2"}]}}],"versions":["0.99","1.0","1.1.1","1.2","1.2-1","1.2-2","1.2-3","1.2-4","1.2-5","1.2.1","1.2.1-1","1.2.1-1.1","1.2.1-2","1.2.1-3","1.2.2","1.2.2-1","1.2.3","1.2.3-1","1.2.3-2","1.2.4","1.2.4-1","1.2.4-2","1.2.5","1.2.5-1","1.2.6","1.2.6a","1.2.6a-1","1.2.7","1.2.8","1.2.8-1","1.3dev","3.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4-1","3.0.5","3.0.5-1","3.0.6","3.0.6-1","3.2","3.2-1","3.2.1","3.2.1+otr4-1","3.2.1-1","3.2.2","3.2.2-1","3.4","3.4.1","3.4.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10188.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}