CVE-2019-16237

EUVD-2019-7044
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
dinodino
𝑥
< 0.1.0
canonicalubuntu_linux
18.04
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dino-im
bookworm
0.4.2-1
fixed
bullseye
0.2.0-3+deb11u1
fixed
bullseye (security)
0.2.0-3+deb11u1
fixed
sid
0.4.4-1
fixed
trixie
0.4.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dino-im
bionic
Fixed 0.0.git20180130-1ubuntu0.1
released
disco
ignored
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2019/09/12/5
https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
https://gultsch.de/dino_multiple.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC/
https://seclists.org/bugtraq/2019/Sep/31
https://usn.ubuntu.com/4306-1/
https://www.debian.org/security/2019/dsa-4524
http://www.openwall.com/lists/oss-security/2019/09/12/5
https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
https://gultsch.de/dino_multiple.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC/
https://seclists.org/bugtraq/2019/Sep/31
https://usn.ubuntu.com/4306-1/
https://www.debian.org/security/2019/dsa-4524