PT-2019-4128 · Dino+1 · Dino+1

Daniel Gultsch

·

Publicado

2019-09-11

·

Atualizado

2020-09-14

·

CVE-2019-16236

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Dino before 2019-09-10
Description The issue is related to insufficient input validation in the /roster/module.vala module of the Dino instant messaging client. This can potentially allow a remote attacker to impact data integrity.
Recommendations For versions prior to 2019-09-10, update to a version released after 2019-09-10 to resolve the issue. As a temporary workaround, consider restricting access to the /roster/module.vala module to minimize the risk of exploitation.

Exploit

Correção

Missing Authorization

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-863

Identificadores relacionados

BDU:2019-04707
CVE-2019-16236
DSA-4524-1
USN-4306-1

Produtos afetados

Dino
Ubuntu