← Back

Pybitmessage

pybitmessage

Vendor: Bitmessage • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-26917
1Bitmessage
1Pybitmessage
Nov 21, 2024
Feb 8, 2021
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there...Show more
PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attackerShow less
CVE-2018-1000070
1Bitmessage
1Pybitmessage
Nov 21, 2024
Mar 13, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file src/messagetypes/__init__.py function cons...Show more
Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file src/messagetypes/__init__.py function constructObject that can result in Code Execution. This attack appears to be exploitable via remote attacker using a malformed message which must be processed by the victim - e.g. arrive from any sender on bitmessage network. This vulnerability appears to have been fixed in v0.6.3.Show less