ID CVE-2016-4414
Summary The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
References
Vulnerable Configurations
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Quassel IRC 0.12.3
    cpe:2.3:a:quassel-irc:quassel:0.12.3
  • Fedora 22
    cpe:2.3:o:fedoraproject:fedora:22
  • Fedora Project Fedora 23
    cpe:2.3:o:fedoraproject:fedora:23
  • Fedora 24
    cpe:2.3:o:fedoraproject:fedora:24
CVSS
Base: 5.0 (as of 14-06-2016 - 09:27)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-BF916BCC04.NASL
    description Security fix for CVE-2016-4414, Update to latest upstream quassel release, 0.12.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 90973
    published 2016-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90973
    title Fedora 24 : quassel-0.12.4-1.fc24 (2016-bf916bcc04)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-589.NASL
    description This update for quassel fixes the following issues : - CVE-2016-4414: Denial of service vulnerability by unauthenticated clients (boo#978002)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 91206
    published 2016-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91206
    title openSUSE Security Update : quassel (openSUSE-2016-589)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-0431ACAA78.NASL
    description Security fix for CVE-2016-4414, Update to latest upstream quassel release, 0.12.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 90946
    published 2016-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90946
    title Fedora 22 : quassel-0.12.4-1.fc22 (2016-0431acaa78)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7D64D00C43E311E6AB34002590263BF5.NASL
    description Mitre reports : The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 91966
    published 2016-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91966
    title FreeBSD : quassel -- remote denial of service (7d64d00c-43e3-11e6-ab34-002590263bf5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-42F30D76A0.NASL
    description Security fix for CVE-2016-4414, Update to latest upstream quassel release, 0.12.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 90953
    published 2016-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90953
    title Fedora 23 : quassel-0.12.4-1.fc23 (2016-42f30d76a0)
refmap via4
confirm
fedora
  • FEDORA-2016-0431acaa78
  • FEDORA-2016-42f30d76a0
  • FEDORA-2016-bf916bcc04
mlist
  • [oss-security] 20160430 CVE request - Quassel IRC denial of service
  • [oss-security] 20160430 Re: CVE request - Quassel IRC denial of service
suse openSUSE-SU-2016:1314
Last major update 15-06-2016 - 14:42
Published 13-06-2016 - 15:59
Last modified 30-10-2018 - 12:27
Back to Top