cvedb.io
CVE-2018-1000070
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-03-13T15:29:00.283 · Last modified 2026-06-17T01:32:21.270

Summary

Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains an eval injection vulnerability in the main program, in the function constructObject in the file src/messagetypes/__init__.py, that can result in code execution. The attack appears to be exploitable by a remote attacker using a malformed message which must be processed by the victim, e.g. one that arrives from any sender on the Bitmessage network. The vulnerability appears to have been fixed in v0.6.3.

Affected products

bitmessage — pybitmessage

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.