Vulnerabilities (CVE)

Filtered by vendor Bitmessage Subscribe
Filtered by product Pybitmessage
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26917 1 Bitmessage 1 Pybitmessage 2024-11-21 2.1 LOW 5.5 MEDIUM
** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.
CVE-2018-1000070 1 Bitmessage 1 Pybitmessage 2024-11-21 6.8 MEDIUM 8.8 HIGH
Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file src/messagetypes/__init__.py function constructObject that can result in Code Execution. This attack appears to be exploitable via remote attacker using a malformed message which must be processed by the victim - e.g. arrive from any sender on bitmessage network. This vulnerability appears to have been fixed in v0.6.3.