Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2021-34825 (GCVE-0-2021-34825)

Vulnerability from cvelistv5 – Published: 2021-06-17 13:25 – Updated: 2024-08-04 00:26

Summary

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

3 references

URL	Tags
https://github.com/quassel/quassel/pull/581	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:26:53.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/pull/581"
          },
          {
            "name": "FEDORA-2021-2e2ba6d39f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
          },
          {
            "name": "FEDORA-2021-75cec6e6da",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-30T04:06:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/quassel/quassel/pull/581"
        },
        {
          "name": "FEDORA-2021-2e2ba6d39f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
        },
        {
          "name": "FEDORA-2021-75cec6e6da",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-34825",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/pull/581",
              "refsource": "MISC",
              "url": "https://github.com/quassel/quassel/pull/581"
            },
            {
              "name": "FEDORA-2021-2e2ba6d39f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
            },
            {
              "name": "FEDORA-2021-75cec6e6da",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-34825",
    "datePublished": "2021-06-17T13:25:39.000Z",
    "dateReserved": "2021-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:26:53.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000178 (GCVE-0-2018-1000178)

Vulnerability from cvelistv5 – Published: 2018-05-08 15:00 – Updated: 2024-08-05 12:33

Summary

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

6 references

URL	Tags
https://www.debian.org/security/2018/dsa-4189	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://github.com/quassel/quassel/blob/master/sr…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201806-04	vendor-advisoryx_refsource_GENTOO
https://i.imgur.com/JJ4QcNq.png	x_refsource_MISC
https://usn.ubuntu.com/4594-1/	vendor-advisoryx_refsource_UBUNTU

Date Public

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4189",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4189"
          },
          {
            "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
          },
          {
            "name": "GLSA-201806-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201806-04"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://i.imgur.com/JJ4QcNq.png"
          },
          {
            "name": "USN-4594-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4594-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-04-30T00:00:00.000Z",
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-26T21:06:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4189",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4189"
        },
        {
          "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
        },
        {
          "name": "GLSA-201806-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201806-04"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://i.imgur.com/JJ4QcNq.png"
        },
        {
          "name": "USN-4594-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4594-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-04-30T20:15:49.357909",
          "DATE_REQUESTED": "2018-04-23T00:00:00",
          "ID": "CVE-2018-1000178",
          "REQUESTER": "nongiach@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4189",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4189"
            },
            {
              "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
            },
            {
              "name": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
            },
            {
              "name": "GLSA-201806-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201806-04"
            },
            {
              "name": "https://i.imgur.com/JJ4QcNq.png",
              "refsource": "MISC",
              "url": "https://i.imgur.com/JJ4QcNq.png"
            },
            {
              "name": "USN-4594-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4594-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000178",
    "datePublished": "2018-05-08T15:00:00.000Z",
    "dateReserved": "2018-04-23T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:33:49.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000179 (GCVE-0-2018-1000179)

Vulnerability from cvelistv5 – Published: 2018-05-08 15:00 – Updated: 2024-08-05 12:33

Summary

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

4 references

URL	Tags
https://www.debian.org/security/2018/dsa-4189	vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201806-04	vendor-advisoryx_refsource_GENTOO
https://github.com/quassel/quassel/blob/master/sr…	x_refsource_CONFIRM
https://usn.ubuntu.com/4594-1/	vendor-advisoryx_refsource_UBUNTU

Date Public

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4189",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4189"
          },
          {
            "name": "GLSA-201806-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201806-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
          },
          {
            "name": "USN-4594-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4594-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-04-30T00:00:00.000Z",
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-26T21:06:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4189",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4189"
        },
        {
          "name": "GLSA-201806-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201806-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
        },
        {
          "name": "USN-4594-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4594-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-04-30T20:15:49.358309",
          "DATE_REQUESTED": "2018-04-23T00:00:00",
          "ID": "CVE-2018-1000179",
          "REQUESTER": "nongiach@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4189",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4189"
            },
            {
              "name": "GLSA-201806-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201806-04"
            },
            {
              "name": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
            },
            {
              "name": "USN-4594-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4594-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000179",
    "datePublished": "2018-05-08T15:00:00.000Z",
    "dateReserved": "2018-04-23T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:33:49.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-4414 (GCVE-0-2016-4414)

Vulnerability from cvelistv5 – Published: 2016-06-13 19:00 – Updated: 2024-08-06 00:25

Summary

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

8 references

URL	Tags
http://www.openwall.com/lists/oss-security/2016/04/30/4	mailing-listx_refsource_MLIST
https://github.com/quassel/quassel/commit/e678873	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
http://quassel-irc.org/node/129	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2016/04/30/2	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2016-04-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:25:14.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/e678873"
          },
          {
            "name": "openSUSE-SU-2016:1314",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://quassel-irc.org/node/129"
          },
          {
            "name": "FEDORA-2016-bf916bcc04",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
          },
          {
            "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
          },
          {
            "name": "FEDORA-2016-42f30d76a0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
          },
          {
            "name": "FEDORA-2016-0431acaa78",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-13T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/e678873"
        },
        {
          "name": "openSUSE-SU-2016:1314",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://quassel-irc.org/node/129"
        },
        {
          "name": "FEDORA-2016-bf916bcc04",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
        },
        {
          "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
        },
        {
          "name": "FEDORA-2016-42f30d76a0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
        },
        {
          "name": "FEDORA-2016-0431acaa78",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
            },
            {
              "name": "https://github.com/quassel/quassel/commit/e678873",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/e678873"
            },
            {
              "name": "openSUSE-SU-2016:1314",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
            },
            {
              "name": "http://quassel-irc.org/node/129",
              "refsource": "CONFIRM",
              "url": "http://quassel-irc.org/node/129"
            },
            {
              "name": "FEDORA-2016-bf916bcc04",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
            },
            {
              "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
            },
            {
              "name": "FEDORA-2016-42f30d76a0",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
            },
            {
              "name": "FEDORA-2016-0431acaa78",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4414",
    "datePublished": "2016-06-13T19:00:00.000Z",
    "dateReserved": "2016-04-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:25:14.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8547 (GCVE-0-2015-8547)

Vulnerability from cvelistv5 – Published: 2016-01-08 19:00 – Updated: 2024-08-06 08:20

Summary

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

7 references

URL	Tags
http://lists.opensuse.org/opensuse-updates/2015-1…	vendor-advisoryx_refsource_SUSE
https://github.com/quassel/quassel/pull/153	x_refsource_CONFIRM
https://github.com/quassel/quassel/commit/b8edbda…	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2015/12/12/1	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2015/12/13/1	mailing-listx_refsource_MLIST

Date Public

2015-12-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2015:2345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/pull/153"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
          },
          {
            "name": "FEDORA-2016-3bc3d7f66e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
          },
          {
            "name": "FEDORA-2016-7f0b1e47ac",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
          },
          {
            "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
          },
          {
            "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2015:2345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/pull/153"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
        },
        {
          "name": "FEDORA-2016-3bc3d7f66e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
        },
        {
          "name": "FEDORA-2016-7f0b1e47ac",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
        },
        {
          "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
        },
        {
          "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2015:2345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
            },
            {
              "name": "https://github.com/quassel/quassel/pull/153",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/pull/153"
            },
            {
              "name": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
            },
            {
              "name": "FEDORA-2016-3bc3d7f66e",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
            },
            {
              "name": "FEDORA-2016-7f0b1e47ac",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
            },
            {
              "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
            },
            {
              "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8547",
    "datePublished": "2016-01-08T19:00:00.000Z",
    "dateReserved": "2015-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:20:43.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3427 (GCVE-0-2015-3427)

Vulnerability from cvelistv5 – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:47

Summary

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

3 references

URL	Tags
http://www.quassel-irc.org/node/127	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3258	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/74339	vdb-entryx_refsource_BID

Date Public

2015-05-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.quassel-irc.org/node/127"
          },
          {
            "name": "DSA-3258",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3258"
          },
          {
            "name": "74339",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74339"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.quassel-irc.org/node/127"
        },
        {
          "name": "DSA-3258",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3258"
        },
        {
          "name": "74339",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74339"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.quassel-irc.org/node/127",
              "refsource": "CONFIRM",
              "url": "http://www.quassel-irc.org/node/127"
            },
            {
              "name": "DSA-3258",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3258"
            },
            {
              "name": "74339",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74339"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3427",
    "datePublished": "2015-05-14T14:00:00.000Z",
    "dateReserved": "2015-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:47:57.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2778 (GCVE-0-2015-2778)

Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24

Summary

Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

6 references

URL	Tags
https://github.com/quassel/quassel/commit/b5e3897…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2015/03/28/3	mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/73305	vdb-entryx_refsource_BID

Date Public

2015-02-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
          },
          {
            "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
          },
          {
            "name": "openSUSE-SU-2015:0687",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
          },
          {
            "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
          },
          {
            "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
          },
          {
            "name": "73305",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73305"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
        },
        {
          "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
        },
        {
          "name": "openSUSE-SU-2015:0687",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
        },
        {
          "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
        },
        {
          "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
        },
        {
          "name": "73305",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73305"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2778",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
            },
            {
              "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
            },
            {
              "name": "openSUSE-SU-2015:0687",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
            },
            {
              "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
            },
            {
              "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
            },
            {
              "name": "73305",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73305"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2778",
    "datePublished": "2015-04-10T14:00:00.000Z",
    "dateReserved": "2015-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:24:38.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2779 (GCVE-0-2015-2779)

Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24

Summary

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

8 references

URL	Tags
https://github.com/quassel/quassel/commit/b5e3897…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/74048	vdb-entryx_refsource_BID
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2015/03/28/3	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2015-02-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
          },
          {
            "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
          },
          {
            "name": "74048",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74048"
          },
          {
            "name": "openSUSE-SU-2015:0687",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
          },
          {
            "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
          },
          {
            "name": "FEDORA-2015-4689",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
          },
          {
            "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
          },
          {
            "name": "FEDORA-2015-4531",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
        },
        {
          "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
        },
        {
          "name": "74048",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74048"
        },
        {
          "name": "openSUSE-SU-2015:0687",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
        },
        {
          "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
        },
        {
          "name": "FEDORA-2015-4689",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
        },
        {
          "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
        },
        {
          "name": "FEDORA-2015-4531",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
            },
            {
              "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
            },
            {
              "name": "74048",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74048"
            },
            {
              "name": "openSUSE-SU-2015:0687",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
            },
            {
              "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
            },
            {
              "name": "FEDORA-2015-4689",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
            },
            {
              "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
            },
            {
              "name": "FEDORA-2015-4531",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2779",
    "datePublished": "2015-04-10T14:00:00.000Z",
    "dateReserved": "2015-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:24:38.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8483 (GCVE-0-2014-8483)

Vulnerability from cvelistv5 – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:18

Summary

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

11 references

URL	Tags
http://secunia.com/advisories/61932	third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-2401-1	vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/62261	third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-3063	vendor-advisoryx_refsource_DEBIAN
http://bugs.quassel-irc.org/issues/1314	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
http://www.debian.org/security/2014/dsa-3068	vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/62035	third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
https://github.com/quassel/quassel/commit/8b5ecd2…	x_refsource_CONFIRM

Date Public

2014-09-27 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "61932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61932"
          },
          {
            "name": "openSUSE-SU-2014:1406",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
          },
          {
            "name": "USN-2401-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2401-1"
          },
          {
            "name": "62261",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62261"
          },
          {
            "name": "DSA-3063",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3063"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.quassel-irc.org/issues/1314"
          },
          {
            "name": "openSUSE-SU-2015:0573",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
          },
          {
            "name": "DSA-3068",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3068"
          },
          {
            "name": "62035",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62035"
          },
          {
            "name": "openSUSE-SU-2014:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-25T12:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "61932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61932"
        },
        {
          "name": "openSUSE-SU-2014:1406",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
        },
        {
          "name": "USN-2401-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2401-1"
        },
        {
          "name": "62261",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62261"
        },
        {
          "name": "DSA-3063",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3063"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.quassel-irc.org/issues/1314"
        },
        {
          "name": "openSUSE-SU-2015:0573",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
        },
        {
          "name": "DSA-3068",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3068"
        },
        {
          "name": "62035",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62035"
        },
        {
          "name": "openSUSE-SU-2014:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8483",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "61932",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61932"
            },
            {
              "name": "openSUSE-SU-2014:1406",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
            },
            {
              "name": "USN-2401-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2401-1"
            },
            {
              "name": "62261",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62261"
            },
            {
              "name": "DSA-3063",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3063"
            },
            {
              "name": "http://bugs.quassel-irc.org/issues/1314",
              "refsource": "CONFIRM",
              "url": "http://bugs.quassel-irc.org/issues/1314"
            },
            {
              "name": "openSUSE-SU-2015:0573",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
            },
            {
              "name": "DSA-3068",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3068"
            },
            {
              "name": "62035",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62035"
            },
            {
              "name": "openSUSE-SU-2014:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
            },
            {
              "name": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8483",
    "datePublished": "2014-11-06T15:00:00.000Z",
    "dateReserved": "2014-10-24T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:18:48.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6404 (GCVE-0-2013-6404)

Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 17:39

Summary

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

8 references

URL	Tags
https://github.com/quassel/quassel/commit/a1a24da	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-1…	vendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2013/11/28/8	mailing-listx_refsource_MLIST
http://quassel-irc.org/node/123	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://secunia.com/advisories/55640	third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
http://osvdb.org/100432	vdb-entryx_refsource_OSVDB

Date Public

2013-11-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/a1a24da"
          },
          {
            "name": "openSUSE-SU-2013:1929",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
          },
          {
            "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://quassel-irc.org/node/123"
          },
          {
            "name": "quasselirc-cve20136404-sec-bypass(89377)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
          },
          {
            "name": "55640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55640"
          },
          {
            "name": "openSUSE-SU-2014:0114",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
          },
          {
            "name": "100432",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/100432"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users\u0027 backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/a1a24da"
        },
        {
          "name": "openSUSE-SU-2013:1929",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
        },
        {
          "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://quassel-irc.org/node/123"
        },
        {
          "name": "quasselirc-cve20136404-sec-bypass(89377)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
        },
        {
          "name": "55640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55640"
        },
        {
          "name": "openSUSE-SU-2014:0114",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
        },
        {
          "name": "100432",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/100432"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6404",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users\u0027 backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/commit/a1a24da",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/a1a24da"
            },
            {
              "name": "openSUSE-SU-2013:1929",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
            },
            {
              "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
            },
            {
              "name": "http://quassel-irc.org/node/123",
              "refsource": "CONFIRM",
              "url": "http://quassel-irc.org/node/123"
            },
            {
              "name": "quasselirc-cve20136404-sec-bypass(89377)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
            },
            {
              "name": "55640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55640"
            },
            {
              "name": "openSUSE-SU-2014:0114",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
            },
            {
              "name": "100432",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/100432"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6404",
    "datePublished": "2013-12-09T11:00:00.000Z",
    "dateReserved": "2013-11-04T00:00:00.000Z",
    "dateUpdated": "2024-08-06T17:39:01.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-3443 (GCVE-0-2010-3443)

Vulnerability from cvelistv5 – Published: 2013-11-23 11:00 – Updated: 2024-08-07 03:11

Summary

ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

7 references

URL	Tags
http://git.quassel-irc.org/?p=quassel.git%3Ba=com…	x_refsource_CONFIRM
http://bugs.quassel-irc.org/issues/1023	x_refsource_CONFIRM
http://bugs.quassel-irc.org/issues/1024	x_refsource_CONFIRM
http://secunia.com/advisories/55581	third-party-advisoryx_refsource_SECUNIA
http://ubuntu.com/usn/usn-991-1	vendor-advisoryx_refsource_UBUNTU
http://quassel-irc.org/node/115	x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201311-03.xml	vendor-advisoryx_refsource_GENTOO

Date Public

2013-11-07 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:43.740Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.quassel-irc.org/issues/1023"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.quassel-irc.org/issues/1024"
          },
          {
            "name": "55581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55581"
          },
          {
            "name": "USN-991-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-991-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://quassel-irc.org/node/115"
          },
          {
            "name": "GLSA-201311-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-23T18:10:04.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.quassel-irc.org/issues/1023"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.quassel-irc.org/issues/1024"
        },
        {
          "name": "55581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55581"
        },
        {
          "name": "USN-991-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-991-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://quassel-irc.org/node/115"
        },
        {
          "name": "GLSA-201311-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3443",
    "datePublished": "2013-11-23T11:00:00.000Z",
    "dateReserved": "2010-09-17T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:11:43.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4422 (GCVE-0-2013-4422)

Vulnerability from cvelistv5 – Published: 2013-10-23 15:00 – Updated: 2024-08-06 16:45

Summary

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

8 references

URL	Tags
http://quassel-irc.org/node/120	x_refsource_CONFIRM
http://secunia.com/advisories/55194	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/55581	third-party-advisoryx_refsource_SECUNIA
http://bugs.quassel-irc.org/issues/1244	x_refsource_CONFIRM
http://seclists.org/oss-sec/2013/q4/74	mailing-listx_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://security.gentoo.org/glsa/glsa-201311-03.xml	vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/62923	vdb-entryx_refsource_BID

Date Public

2013-10-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:13.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://quassel-irc.org/node/120"
          },
          {
            "name": "55194",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55194"
          },
          {
            "name": "55581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.quassel-irc.org/issues/1244"
          },
          {
            "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q4/74"
          },
          {
            "name": "quasselirc-backslash-sql-injection(87805)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805"
          },
          {
            "name": "GLSA-201311-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
          },
          {
            "name": "62923",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62923"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://quassel-irc.org/node/120"
        },
        {
          "name": "55194",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55194"
        },
        {
          "name": "55581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.quassel-irc.org/issues/1244"
        },
        {
          "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q4/74"
        },
        {
          "name": "quasselirc-backslash-sql-injection(87805)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805"
        },
        {
          "name": "GLSA-201311-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
        },
        {
          "name": "62923",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62923"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4422",
    "datePublished": "2013-10-23T15:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:13.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3354 (GCVE-0-2011-3354)

Vulnerability from cvelistv5 – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:29

Summary

The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

9 references

URL	Tags
http://osvdb.org/75351	vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/45970	third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1200-1	vendor-advisoryx_refsource_UBUNTU
http://bugs.quassel-irc.org/projects/quassel-irc/…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/49526	vdb-entryx_refsource_BID
https://bugs.gentoo.org/show_bug.cgi?id=382313	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.openwall.com/lists/oss-security/2011/09/09/7	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2011/09/08/7	mailing-listx_refsource_MLIST

Date Public

2011-09-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "75351",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75351"
          },
          {
            "name": "45970",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45970"
          },
          {
            "name": "USN-1200-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1200-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
          },
          {
            "name": "49526",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49526"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
          },
          {
            "name": "quasselirc-ctcp-dos(69682)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
          },
          {
            "name": "[oss-security] 20110909 Re: CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
          },
          {
            "name": "[oss-security] 20110908 CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "75351",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75351"
        },
        {
          "name": "45970",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45970"
        },
        {
          "name": "USN-1200-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1200-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
        },
        {
          "name": "49526",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49526"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
        },
        {
          "name": "quasselirc-ctcp-dos(69682)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
        },
        {
          "name": "[oss-security] 20110909 Re: CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
        },
        {
          "name": "[oss-security] 20110908 CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3354",
    "datePublished": "2011-10-04T10:00:00.000Z",
    "dateReserved": "2011-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:29:56.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Find a vulnerability

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

13 vulnerabilities by quassel-irc

CVE-2021-34825 (GCVE-0-2021-34825)

CVE-2018-1000178 (GCVE-0-2018-1000178)

CVE-2018-1000179 (GCVE-0-2018-1000179)

CVE-2016-4414 (GCVE-0-2016-4414)

CVE-2015-8547 (GCVE-0-2015-8547)

CVE-2015-3427 (GCVE-0-2015-3427)

CVE-2015-2778 (GCVE-0-2015-2778)

CVE-2015-2779 (GCVE-0-2015-2779)

CVE-2014-8483 (GCVE-0-2014-8483)

CVE-2013-6404 (GCVE-0-2013-6404)

CVE-2010-3443 (GCVE-0-2010-3443)

CVE-2013-4422 (GCVE-0-2013-4422)

CVE-2011-3354 (GCVE-0-2011-3354)

Find a vulnerability

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

13 vulnerabilities by quassel-irc

CVE-2021-34825 (GCVE-0-2021-34825)

CVE-2018-1000178 (GCVE-0-2018-1000178)

CVE-2018-1000179 (GCVE-0-2018-1000179)

CVE-2016-4414 (GCVE-0-2016-4414)

CVE-2015-8547 (GCVE-0-2015-8547)

CVE-2015-3427 (GCVE-0-2015-3427)

CVE-2015-2778 (GCVE-0-2015-2778)

CVE-2015-2779 (GCVE-0-2015-2779)

CVE-2014-8483 (GCVE-0-2014-8483)

CVE-2013-6404 (GCVE-0-2013-6404)

CVE-2010-3443 (GCVE-0-2010-3443)

CVE-2013-4422 (GCVE-0-2013-4422)

CVE-2011-3354 (GCVE-0-2011-3354)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.