{"id":"CVE-2016-10189","details":"BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.","modified":"2026-03-15T14:14:14.163645Z","published":"2017-03-14T14:59:00.387Z","related":["MGASA-2017-0200"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/95931"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3853"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/30/4"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/11"},{"type":"FIX","url":"https://bugs.bitlbee.org/ticket/1282"},{"type":"FIX","url":"https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bitlbee/bitlbee","events":[{"introduced":"0"},{"last_affected":"14f912d4c1e818d39234c874036e4fe60227d1dc"},{"introduced":"0"},{"last_affected":"79b83dad82d53832827d57a6be454b3f4091adf9"},{"fixed":"701ab8129ba9ea64f569daedca9a8603abad740f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.2"},{"introduced":"0"},{"last_affected":"3.5"}]}}],"versions":["0.99","1.0","1.1.1","1.2","1.2-1","1.2-2","1.2-3","1.2-4","1.2-5","1.2.1","1.2.1-1","1.2.1-1.1","1.2.1-2","1.2.1-3","1.2.2","1.2.2-1","1.2.3","1.2.3-1","1.2.3-2","1.2.4","1.2.4-1","1.2.4-2","1.2.5","1.2.5-1","1.2.6","1.2.6a","1.2.6a-1","1.2.7","1.2.8","1.2.8-1","1.3dev","3.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4-1","3.0.5","3.0.5-1","3.0.6","3.0.6-1","3.2","3.2-1","3.2.1","3.2.1+otr4-1","3.2.1-1","3.2.2","3.2.2-1","3.4","3.4.1","3.4.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10189.json","vanir_signatures":[{"signature_version":"v1","target":{"file":"protocols/bee_ft.c","function":"imcb_file_send_start"},"source":"https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f","signature_type":"Function","id":"CVE-2016-10189-496038f2","digest":{"function_hash":"200091833146978092335437910148232884039","length":285},"deprecated":false},{"signature_version":"v1","target":{"file":"protocols/bee_ft.c"},"source":"https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f","signature_type":"Line","id":"CVE-2016-10189-f15d11ca","digest":{"threshold":0.9,"line_hashes":["31214447550493281204817866590060204183","210350765956590592246008159040789573546","201206104002082530852136588434309667200","134750621041171994627188307491181361821"]},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}