Ubuntu: (CVE-2017-5592): profanity vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 9, 2017 | Jun 26, 2025 | Jul 28, 2025 |
Description
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).
Solution
no-fix-ubuntu-package
References
- CVE-2017-5592
- https://attackerkb.com/topics/CVE-2017-5592
- http://openwall.com/lists/oss-security/2017/02/09/29
- https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b
- https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
- https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
- https://www.cve.org/CVERecord?id=CVE-2017-5592