CVE-2017-5591

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5591

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5591.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-5591

Aliases

Related

UBUNTU-CVE-2017-5591

Published

2017-02-09T20:59:00Z

Modified

2025-01-08T10:12:41.495796Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.

References

Affected packages

Debian:11 / sleekxmpp

Package

Name: sleekxmpp
Purl: pkg:deb/debian/sleekxmpp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / slixmpp

Package

Name: slixmpp
Purl: pkg:deb/debian/slixmpp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.2-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / slixmpp

Package

Name: slixmpp
Purl: pkg:deb/debian/slixmpp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.2-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / slixmpp

Package

Name: slixmpp
Purl: pkg:deb/debian/slixmpp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.2-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/fritzy/sleekxmpp

Affected ranges

Type: GIT
Repo: https://github.com/fritzy/sleekxmpp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

bb094cc6498838cece046d9ed74881232fb5010d

Type: GIT
Repo: https://github.com/poezio/slixmpp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

22664ee7b86c8e010f312b66d12590fb47160ad8

Fixed

22664ee7b86c8e010f312b66d12590fb47160ad8

Affected versions

0.*

0.9RC1

1.*

1.0

1.0-Beta1

1.0-Beta2

1.0-Beta3

1.0-Beta4

1.0-Beta5

1.0-Beta6

1.0-Beta6.1

1.0-RC1

1.0-RC2

1.0-RC3

1.0.0-beta5

1.1

1.1.1

1.1.10

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.2.5

1.3.0

Other

hildjj-dev

sleek-hildjj-dev

sleek-0.*

sleek-0.9-conn-fixes1

sleek-0.9-conn-fixes2

sleek-0.9-conn-fixes3

sleek-0.9RC1

sleek-1.*

sleek-1.0

sleek-1.0-Beta1

sleek-1.0-Beta2

sleek-1.0-Beta3

sleek-1.0-Beta4

sleek-1.0-Beta5

sleek-1.0-Beta6

sleek-1.0-Beta6.1

sleek-1.0-RC1

sleek-1.0-RC2

sleek-1.0-RC3

sleek-1.0.0-beta5

sleek-1.1

sleek-1.1.1

sleek-1.1.10

sleek-1.1.11

sleek-1.1.2

sleek-1.1.3

sleek-1.1.4

sleek-1.1.5

sleek-1.1.6

sleek-1.1.7

sleek-1.1.8

sleek-1.1.9

sleek-1.2.0

sleek-1.2.5

sleek-1.3.0

sleek-1.3.1

slix-1.*

slix-1.0

slix-1.1

slix-1.2

slix-1.2.1

slix-1.2.2

slix-1.2.3