CVE-2018-1000179 - A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreA

CVE-2018-1000179

Summary

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

References

Vulnerable Configurations

cpe:2.3:a:quassel-irc:quassel:0.12.4:*:*:*:*:*:*:*
cpe:2.3:a:quassel-irc:quassel:0.12.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 26-10-2020 - 22:15)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236
debian	DSA-4189
gentoo	GLSA-201806-04
ubuntu	USN-4594-1

Last major update

26-10-2020 - 22:15

Published

08-05-2018 - 15:29

Last modified

26-10-2020 - 22:15