Bitmessage · Pybitmessage · CVE-2018-1000070
Name of the Vulnerable Software and Affected Versions:
PyBitmessage version v0.6.2
Description:
The issue concerns a code execution vulnerability due to an eval injection in the main program, specifically in the `constructObject` function within the file `src/messagetypes/__init__.py`. This vulnerability can be exploited by a remote attacker sending a malformed message to the victim over the Bitmessage network. The issue was fixed in version v0.6.3.
Recommendations:
For PyBitmessage version v0.6.2, update to version v0.6.3 to resolve the issue.
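
The description above concerns an eval injection in a function that builds an object from a received message. The following is an added example, not code from PyBitmessage or from its fix: it shows the general defensive pattern of selecting the class through a fixed allowlist instead of evaluating a string taken from the message. The class names, the `type` key and the field lists are assumptions made for illustration.

```python
"""Allowlist-based construction of message objects from untrusted input.
All names here are hypothetical; this is not PyBitmessage code."""


class Message:
    """Constructed sample message type."""
    fields = ("subject", "body")

    def __init__(self, subject, body):
        self.subject, self.body = subject, body


class Vote:
    """Constructed sample message type."""
    fields = ("msgid", "vote")

    def __init__(self, msgid, vote):
        self.msgid, self.vote = msgid, vote


# The only names a peer may select. The lookup is a dict access, so the
# type string is compared as data and never parsed or evaluated as code.
REGISTRY = {"message": Message, "vote": Vote}


def construct_object(data):
    """Build a message object from a decoded, untrusted dict, or return None."""
    if not isinstance(data, dict):
        return None
    type_name = data.get("type")  # assumed key name for the type field
    # Check the type first: a list or dict here is unhashable and would
    # raise inside REGISTRY.get() instead of being rejected cleanly.
    if not isinstance(type_name, str):
        return None
    cls = REGISTRY.get(type_name)
    if cls is None:
        return None  # unknown type: drop the message, do not guess
    try:
        # Copy only the declared fields; extra keys from the peer are ignored.
        kwargs = {name: data[name] for name in cls.fields}
    except KeyError:
        return None  # a required field is missing
    if not all(isinstance(value, str) for value in kwargs.values()):
        return None  # this sketch accepts plain strings only
    return cls(**kwargs)
```

Returning `None` for anything outside the registry lets the caller drop the message without an exception path that depends on attacker-chosen input.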