5.9
CVE-2017-5592
- EPSS 0.84%
- Veröffentlicht 09.02.2017 20:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Profanity Project ≫ Profanity Version0.4.7 Update-
Profanity Project ≫ Profanity Version0.4.7 Updatecyg1
Profanity Project ≫ Profanity Version0.4.7 Updatecyg2
Profanity Project ≫ Profanity Version0.4.7 Updatecyg3
Profanity Project ≫ Profanity Version0.4.7 Updatepatch1
Profanity Project ≫ Profanity Version0.5.0 Update-
Profanity Project ≫ Profanity Version0.5.0 Updaterc1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.84% | 0.53 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.
http://openwall.com/lists/oss-security/2017/02/09/29
https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
http://www.securityfocus.com/bid/96173
https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b