VulnerableCode Package Details - pkg:deb/ubuntu/mcabber@1.0.4-1

Search for packages

Package details: pkg:deb/ubuntu/mcabber@1.0.4-1

Essentials
History (0)

purl	pkg:deb/ubuntu/mcabber@1.0.4-1

Next non-vulnerable version	1.1.0-1
Latest non-vulnerable version	1.1.0-1
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-nq93-zvcm-aaag Aliases: CVE-2017-5604	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4.	1.1.0-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-zzxx-ws55-aaaq	MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.	CVE-2016-9928

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version