CVE-2019-16235

Name of the Vulnerable Software and Affected Versions Dino before 2019-09-10

Description The issue is related to insufficient input validation in the /xep/0280 message carbons.vala module of the Dino instant messaging client. This could allow a remote attacker to impact data integrity. The problem lies in the module's failure to properly check the source of a carbons message.

Recommendations For versions prior to 2019-09-10, as a temporary workaround, consider disabling the module/xep/0280 message carbons.vala until a patch is available. Restrict access to this module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.