CVE-2017-5668

9.8 CRITICAL

📋 TL;DR

CVE-2017-5668 is a critical vulnerability in bitlbee-libpurple that allows remote attackers to trigger a NULL pointer dereference, causing denial of service and potentially executing arbitrary code. This affects users of bitlbee-libpurple versions before 3.5.1 who accept file transfer requests from untrusted contacts.

💻 Affected Systems

Products:
  • bitlbee-libpurple
Versions: All versions before 3.5.1
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists because of an incomplete fix for CVE-2016-10189. Only configurations using the libpurple backend are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Denial of service through application crash, disrupting instant messaging services.

🟢 If Mitigated

No impact if patched or if file transfers are disabled from unknown contacts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires sending a file transfer request to a contact that is not in the contact list. Public exploit details are available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.1

Vendor Advisory: https://bugs.bitlbee.org/ticket/1282

Restart Required: Yes

Instructions:

1. Update bitlbee-libpurple to version 3.5.1 or later using your package manager.
2. Restart the bitlbee service.
3. Verify the version with 'bitlbee -V'.

🔧 Temporary Workarounds

Disable file transfers from unknown contacts (Linux)

Configure bitlbee to reject file transfer requests from contacts not in your contact list.

Edit the bitlbee config to set 'file_transfers = false' or restrict to trusted contacts only.

🧯 If You Can't Patch

  • Disable the bitlbee service entirely until patching is possible
  • Implement network segmentation to isolate bitlbee instances from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check the bitlbee version with 'bitlbee -V' or 'dpkg -l | grep bitlbee' and verify whether it is below 3.5.1.

Check Version:

bitlbee -V

Verify Fix Applied:

Confirm version is 3.5.1 or higher and test file transfer functionality
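
The version comparison behind the check above, as an added shell example (not from the BitlBee project or the advisory): it reduces upstream and distro-style version strings to their numeric part and compares them with the fixed release 3.5.1. The sample versions are constructed, and the `BitlBee <version>` first line of `bitlbee -V` output is an assumption.

```shell
#!/bin/sh
# Added example, not BitlBee project code.
FIXED=3.5.1   # patch version given on this page

# Reduce a reported version to its dotted-numeric upstream part:
# drops a package epoch ("1:") and suffixes such as "-1ubuntu1" or "+git".
upstream_version() {
    printf '%s\n' "$1" | sed -E 's/^[0-9]+://; s/^([0-9]+(\.[0-9]+)*).*$/\1/'
}

# Succeed (0) when dotted version $1 is strictly lower than $2.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Print "vulnerable", "fixed" or "unknown" for a raw version string.
classify() {
    v=$(upstream_version "$1")
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# Constructed sample inputs: upstream releases and distro-style package versions.
for sample in 3.5.1 3.5 3.4.2-1ubuntu1 1:3.6-1 3.10 garbage; do
    printf '%-16s %s\n' "$sample" "$(classify "$sample")"
done

# Check the local install if there is one (first-line format is assumed).
if command -v bitlbee >/dev/null 2>&1; then
    installed=$(bitlbee -V 2>/dev/null | sed -n '1s/^BitlBee //p')
    printf 'installed %-6s %s\n' "$installed" "$(classify "$installed")"
fi
```

A distribution package can carry a backported fix under an older upstream version number, so confirm a "vulnerable" result for a packaged build against the distribution's security tracker.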

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with NULL pointer dereference errors
  • Unexpected file transfer request logs from unknown contacts

Network Indicators:

  • File transfer protocol requests to bitlbee instances from unexpected sources

SIEM Query:

source="bitlbee.log" AND ("segmentation fault" OR "NULL pointer" OR "file transfer from unknown")
