{"id":"CVE-2016-10189","details":"BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.","modified":"2026-01-31T03:30:08.876537Z","published":"2017-03-14T14:59:00.387Z","related":["MGASA-2017-0200"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/95931"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3853"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/30/4"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/31/11"},{"type":"ADVISORY","url":"https://bugs.bitlbee.org/ticket/1282"},{"type":"ADVISORY","url":"https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"},{"type":"REPORT","url":"https://bugs.bitlbee.org/ticket/1282"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/30/4"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/11"},{"type":"FIX","url":"https://bugs.bitlbee.org/ticket/1282"},{"type":"FIX","url":"https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/01/30/4"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/01/31/11"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bitlbee/bitlbee","events":[{"introduced":"0"},{"fixed":"701ab8129ba9ea64f569daedca9a8603abad740f"}]}],"versions":["0.99","1.0","1.1.1","1.2","1.2-1","1.2-2","1.2-3","1.2-4","1.2-5","1.2.1","1.2.1-1","1.2.1-1.1","1.2.1-2","1.2.1-3","1.2.2","1.2.2-1","1.2.3","1.2.3-1","1.2.3-2","1.2.4","1.2.4-1","1.2.4-2","1.2.5","1.2.5-1","1.2.6","1.2.6a","1.2.6a-1","1.2.7","1.2.8","1.2.8-1","1.3dev","3.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4-1","3.0.5","3.0.5-1","3.0.6","3.0.6-1","3.2","3.2-1","3.2.1","3.2.1+otr4-1","3.2.1-1","3.2.2","3.2.2-1","3.4","3.4.1","3.4.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10189.json","vanir_signatures":[{"signature_type":"Function","id":"CVE-2016-10189-496038f2","digest":{"function_hash":"200091833146978092335437910148232884039","length":285},"source":"https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f","deprecated":false,"signature_version":"v1","target":{"function":"imcb_file_send_start","file":"protocols/bee_ft.c"}},{"signature_type":"Line","id":"CVE-2016-10189-f15d11ca","digest":{"threshold":0.9,"line_hashes":["31214447550493281204817866590060204183","210350765956590592246008159040789573546","201206104002082530852136588434309667200","134750621041171994627188307491181361821"]},"source":"https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f","deprecated":false,"signature_version":"v1","target":{"file":"protocols/bee_ft.c"}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}