vulnerability
Ubuntu: (CVE-2017-5591): sleekxmpp vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 9, 2017 | Jun 26, 2025 | Jul 28, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 9, 2017
Added
Jun 26, 2025
Modified
Jul 28, 2025
Description
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.
Solution
no-fix-ubuntu-package
References
- CVE-2017-5591
- https://attackerkb.com/topics/CVE-2017-5591
- URL-http://openwall.com/lists/oss-security/2017/02/09/29
- URL-https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8
- URL-https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
- URL-https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
- URL-https://www.cve.org/CVERecord?id=CVE-2017-5591
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.