Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

FKIE_CVE-2021-34825

Vulnerability from fkie_nvd - Published: 2021-06-17 14:15 - Updated: 2024-11-21 06:11

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.

References

URL	Tags
cve@mitre.org	https://github.com/quassel/quassel/pull/581	Exploit, Patch, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/
af854a3a-2127-422b-91ae-364da2661108	https://github.com/quassel/quassel/pull/581	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/

Impacted products

Vendor	Product	Version
quassel-irc	quassel	*
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D45C3C-3BF7-45D9-B871-46BA91F9764A",
              "versionEndIncluding": "0.13.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
    },
    {
      "lang": "es",
      "value": "Quassel versiones hasta 0.13.1, cuando --require-ssl est\u00e1 habilitado, se lanza sin soporte SSL o TLS si no es encontrado un certificado X.509 usable en el sistema local"
    }
  ],
  "id": "CVE-2021-34825",
  "lastModified": "2024-11-21T06:11:16.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-17T14:15:08.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/quassel/quassel/pull/581"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/quassel/quassel/pull/581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2018-1000178

Vulnerability from fkie_nvd - Published: 2018-05-08 15:29 - Updated: 2024-11-21 03:39

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

References

URL	Tags
cve@mitre.org	https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62	Patch, Third Party Advisory
cve@mitre.org	https://i.imgur.com/JJ4QcNq.png	Exploit, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201806-04	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4594-1/
cve@mitre.org	https://www.debian.org/security/2018/dsa-4189	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://i.imgur.com/JJ4QcNq.png	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201806-04	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4594-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4189	Third Party Advisory

Impacted products

Vendor	Product	Version
quassel-irc	quassel	0.12.4
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A475F7-40E1-4734-AEA9-28BBC0654641",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
    },
    {
      "lang": "es",
      "value": "Existe una corrupci\u00f3n de memoria din\u00e1mica (heap) de tipo CWE-120 en quassel 0.12.4 en quasselcore en void DataStreamPeer::processMessage(const QByteArray msg) datastreampeer.cpp en la l\u00ednea 62 que permite que un atacante ejecute c\u00f3digo remotamente."
    }
  ],
  "id": "CVE-2018-1000178",
  "lastModified": "2024-11-21T03:39:51.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-08T15:29:00.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.imgur.com/JJ4QcNq.png"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201806-04"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4594-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.imgur.com/JJ4QcNq.png"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201806-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4594-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4189"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2018-1000179

Vulnerability from fkie_nvd - Published: 2018-05-08 15:29 - Updated: 2024-11-21 03:39

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

References

URL	Tags
cve@mitre.org	https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236	Exploit, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201806-04	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4594-1/
cve@mitre.org	https://www.debian.org/security/2018/dsa-4189	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201806-04	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4594-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4189	Third Party Advisory

Impacted products

Vendor	Product	Version
quassel-irc	quassel	0.12.4
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A475F7-40E1-4734-AEA9-28BBC0654641",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
    },
    {
      "lang": "es",
      "value": "Existe una desreferencia de puntero NULL de tipo CWE-476 en quassel 0.12.4 en quasselcore en void DataStreamPeer::processMessage(const QByteArray msg) datastreampeer.cpp line 235 que permite que un atacante provoque una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2018-1000179",
  "lastModified": "2024-11-21T03:39:51.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-08T15:29:00.723",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201806-04"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4594-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201806-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4594-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4189"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-4414

Vulnerability from fkie_nvd - Published: 2016-06-13 19:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html
cve@mitre.org	http://quassel-irc.org/node/129
cve@mitre.org	http://www.openwall.com/lists/oss-security/2016/04/30/2
cve@mitre.org	http://www.openwall.com/lists/oss-security/2016/04/30/4
cve@mitre.org	https://github.com/quassel/quassel/commit/e678873	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html
af854a3a-2127-422b-91ae-364da2661108	http://quassel-irc.org/node/129
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/04/30/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/04/30/4
af854a3a-2127-422b-91ae-364da2661108	https://github.com/quassel/quassel/commit/e678873	Vendor Advisory

Impacted products

Vendor	Product	Version
opensuse	leap	42.1
opensuse	opensuse	13.2
quassel-irc	quassel	*
fedoraproject	fedora	22
fedoraproject	fedora	23
fedoraproject	fedora	24

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F013CBE6-A57C-41CA-B8B2-555902291A3F",
              "versionEndIncluding": "0.12.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n onReadyRead en core/coreauthhandler.cpp en Quassel en versiones anteriores a 0.12.4 permite a atacantes remotos provocar una ca\u00edda de servicio (referencia a un puntero NULL y ca\u00edda) a trav\u00e9s de una informaci\u00f3n handshake no v\u00e1lida."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
  "id": "CVE-2016-4414",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-13T19:59:08.003",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://quassel-irc.org/node/129"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/quassel/quassel/commit/e678873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://quassel-irc.org/node/129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/quassel/quassel/commit/e678873"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-8547

Vulnerability from fkie_nvd - Published: 2016-01-08 19:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/12/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/13/1
cve@mitre.org	https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7	Vendor Advisory
cve@mitre.org	https://github.com/quassel/quassel/pull/153
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/12/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/13/1
af854a3a-2127-422b-91ae-364da2661108	https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/quassel/quassel/pull/153

Impacted products

Vendor	Product	Version
quassel-irc	quassel	*
opensuse	leap	42.1
opensuse	opensuse	13.1
opensuse	opensuse	13.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65872676-A6F8-4BF6-9665-F83398AAEEA4",
              "versionEndIncluding": "0.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n CoreUserInputHandler::doMode en core/coreuserinputhandler.cpp en Quassel 0.10.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s del comando \"/op *\" en una consulta."
    }
  ],
  "id": "CVE-2015-8547",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-08T19:59:14.163",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/quassel/quassel/pull/153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/quassel/quassel/pull/153"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-3427

Vulnerability from fkie_nvd - Published: 2015-05-14 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

References

URL	Tags
cve@mitre.org	http://www.debian.org/security/2015/dsa-3258
cve@mitre.org	http://www.quassel-irc.org/node/127	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/74339
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3258
af854a3a-2127-422b-91ae-364da2661108	http://www.quassel-irc.org/node/127	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74339

Impacted products

	Vendor	Product	Version
	quassel-irc	quassel	*
	debian	debian_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDE5638-1CA4-413E-980E-7248C24FFAAA",
              "versionEndIncluding": "0.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
    },
    {
      "lang": "es",
      "value": "Quassel anterior a 0.12.2 no maneja debidamente la reinicializaci\u00f3n de la sesi\u00f3n de la base de datos cuando la base de datos PostgreSQL es reiniciada, lo que permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n SQL a trav\u00e9s de \\ (barra invertida) en un mensaje. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2013-4422."
    }
  ],
  "id": "CVE-2015-3427",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-14T14:59:11.140",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3258"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.quassel-irc.org/node/127"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.quassel-irc.org/node/127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74339"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-2779

Vulnerability from fkie_nvd - Published: 2015-04-10 15:00 - Updated: 2025-04-12 10:46

Severity ?

Summary

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.

References

	URL	Tags
	cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html
	cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html
	cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/03/20/12
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/03/27/11
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/03/28/3
	cve@mitre.org	http://www.securityfocus.com/bid/74048
	cve@mitre.org	https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/03/20/12
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/03/27/11
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/03/28/3
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74048
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8

Impacted products

	Vendor	Product	Version
	quassel-irc	quassel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4E345B-E526-48A7-98CB-57350EF4D485",
              "versionEndIncluding": "0.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad del consumo de la pila en la funcionalidad de la divisi\u00f3n de mensajes en Quassel anterior a 0.12-rc1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (recursi\u00f3n no controlada) a trav\u00e9s de un mensaje manipulado."
    }
  ],
  "id": "CVE-2015-2779",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-10T15:00:05.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74048"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-2778

Vulnerability from fkie_nvd - Published: 2015-04-10 15:00 - Updated: 2025-04-12 10:46

Severity ?

Summary

Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.

References

	URL	Tags
	cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/03/20/12
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/03/27/11
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/03/28/3
	cve@mitre.org	http://www.securityfocus.com/bid/73305
	cve@mitre.org	https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/03/20/12
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/03/27/11
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/03/28/3
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73305
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8

Impacted products

	Vendor	Product	Version
	quassel-irc	quassel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4E345B-E526-48A7-98CB-57350EF4D485",
              "versionEndIncluding": "0.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
    },
    {
      "lang": "es",
      "value": "Quassel anterior a 0.12-rc1 utiliza un tama\u00f1o de tipo de dato incorrecto cuando se divide un mensaje, lo que permite a usuarios remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una consulta CTCP larga conteniendo \u00fanicamente caracteres multibyte."
    }
  ],
  "id": "CVE-2015-2778",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-10T15:00:04.210",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73305"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-3354

Vulnerability from fkie_nvd - Published: 2011-10-04 10:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.

References

URL	Tags
secalert@redhat.com	http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp	Patch
secalert@redhat.com	http://osvdb.org/75351
secalert@redhat.com	http://secunia.com/advisories/45970	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/09/08/7
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/09/09/7
secalert@redhat.com	http://www.securityfocus.com/bid/49526
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1200-1
secalert@redhat.com	https://bugs.gentoo.org/show_bug.cgi?id=382313
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/69682
af854a3a-2127-422b-91ae-364da2661108	http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/75351
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45970	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/08/7
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/09/7
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49526
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1200-1
af854a3a-2127-422b-91ae-364da2661108	https://bugs.gentoo.org/show_bug.cgi?id=382313
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/69682

Impacted products

Vendor	Product	Version
quassel-irc	quassel	*
quassel-irc	quassel	0.3.0
quassel-irc	quassel	0.3.1
quassel-irc	quassel	0.4.0
quassel-irc	quassel	0.4.1
quassel-irc	quassel	0.4.2
quassel-irc	quassel	0.4.3
quassel-irc	quassel	0.5.0
quassel-irc	quassel	0.5.1
quassel-irc	quassel	0.5.2
quassel-irc	quassel	0.6.0
quassel-irc	quassel	0.6.1
quassel-irc	quassel	0.7.0
quassel-irc	quassel	0.7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6600ADB-EC8E-400D-B5C6-2E70A2DD10B9",
              "versionEndIncluding": "0.7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8CEE378-4AF3-460B-983A-99ABC3FAB0A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E0D72A3-0BE8-491E-BA40-DF3048B38664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE5E456-0265-4680-B74B-BE41DEF4E4E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43387717-B4F1-458D-952D-A488B68A42BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C7CDBAF-7E56-4E28-89BB-40345D44224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "382FDF17-58BA-494F-965B-AE89536AD355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2FDCEE3-3196-4FD3-8947-BA0A8AC13C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "958D78B5-F69C-4B62-B442-D73081C37E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C079B355-6BFB-4EBC-916D-B3CD6C825D38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79524C6D-EE5D-42EF-9BCF-1E878026DA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E50F5F-6E73-4447-A437-B6825A2581E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1929DC3-9B22-40FB-9027-16A472D5791F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quassel-irc:quassel:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "991CC3AE-CE18-4256-9666-1F0A08532D55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011."
    },
    {
      "lang": "es",
      "value": "El m\u00e9todo CtcpParser::packedReply en core/ctcpparser.cpp en Quassel anterior a v0.7.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una petici\u00f3n (Client-To-Client Protocol, CTCP) manipulada como se demostr\u00f3 en septiembre de 2011."
    }
  ],
  "id": "CVE-2011-3354",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-04T10:55:09.990",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/75351"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45970"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/49526"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1200-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/75351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1200-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-34825 (GCVE-0-2021-34825)

Vulnerability from cvelistv5 – Published: 2021-06-17 13:25 – Updated: 2024-08-04 00:26

Summary

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/quassel/quassel/pull/581	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:26:53.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/pull/581"
          },
          {
            "name": "FEDORA-2021-2e2ba6d39f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
          },
          {
            "name": "FEDORA-2021-75cec6e6da",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-30T04:06:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/quassel/quassel/pull/581"
        },
        {
          "name": "FEDORA-2021-2e2ba6d39f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
        },
        {
          "name": "FEDORA-2021-75cec6e6da",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-34825",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/pull/581",
              "refsource": "MISC",
              "url": "https://github.com/quassel/quassel/pull/581"
            },
            {
              "name": "FEDORA-2021-2e2ba6d39f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
            },
            {
              "name": "FEDORA-2021-75cec6e6da",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-34825",
    "datePublished": "2021-06-17T13:25:39.000Z",
    "dateReserved": "2021-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:26:53.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000179 (GCVE-0-2018-1000179)

Vulnerability from cvelistv5 – Published: 2018-05-08 15:00 – Updated: 2024-08-05 12:33

Summary

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4189	vendor-advisoryx_refsource_DEBIAN
	https://security.gentoo.org/glsa/201806-04	vendor-advisoryx_refsource_GENTOO
	https://github.com/quassel/quassel/blob/master/sr…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4594-1/	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4189",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4189"
          },
          {
            "name": "GLSA-201806-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201806-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
          },
          {
            "name": "USN-4594-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4594-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-04-30T00:00:00.000Z",
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-26T21:06:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4189",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4189"
        },
        {
          "name": "GLSA-201806-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201806-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
        },
        {
          "name": "USN-4594-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4594-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-04-30T20:15:49.358309",
          "DATE_REQUESTED": "2018-04-23T00:00:00",
          "ID": "CVE-2018-1000179",
          "REQUESTER": "nongiach@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4189",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4189"
            },
            {
              "name": "GLSA-201806-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201806-04"
            },
            {
              "name": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
            },
            {
              "name": "USN-4594-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4594-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000179",
    "datePublished": "2018-05-08T15:00:00.000Z",
    "dateReserved": "2018-04-23T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:33:49.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000178 (GCVE-0-2018-1000178)

Vulnerability from cvelistv5 – Published: 2018-05-08 15:00 – Updated: 2024-08-05 12:33

Summary

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4189	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://github.com/quassel/quassel/blob/master/sr…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201806-04	vendor-advisoryx_refsource_GENTOO
	https://i.imgur.com/JJ4QcNq.png	x_refsource_MISC
	https://usn.ubuntu.com/4594-1/	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4189",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4189"
          },
          {
            "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
          },
          {
            "name": "GLSA-201806-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201806-04"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://i.imgur.com/JJ4QcNq.png"
          },
          {
            "name": "USN-4594-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4594-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-04-30T00:00:00.000Z",
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-26T21:06:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4189",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4189"
        },
        {
          "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
        },
        {
          "name": "GLSA-201806-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201806-04"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://i.imgur.com/JJ4QcNq.png"
        },
        {
          "name": "USN-4594-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4594-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-04-30T20:15:49.357909",
          "DATE_REQUESTED": "2018-04-23T00:00:00",
          "ID": "CVE-2018-1000178",
          "REQUESTER": "nongiach@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4189",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4189"
            },
            {
              "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
            },
            {
              "name": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
            },
            {
              "name": "GLSA-201806-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201806-04"
            },
            {
              "name": "https://i.imgur.com/JJ4QcNq.png",
              "refsource": "MISC",
              "url": "https://i.imgur.com/JJ4QcNq.png"
            },
            {
              "name": "USN-4594-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4594-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000178",
    "datePublished": "2018-05-08T15:00:00.000Z",
    "dateReserved": "2018-04-23T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:33:49.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-4414 (GCVE-0-2016-4414)

Vulnerability from cvelistv5 – Published: 2016-06-13 19:00 – Updated: 2024-08-06 00:25

Summary

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/04/30/4	mailing-listx_refsource_MLIST
	https://github.com/quassel/quassel/commit/e678873	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://quassel-irc.org/node/129	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2016/04/30/2	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public ?

2016-04-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:25:14.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/e678873"
          },
          {
            "name": "openSUSE-SU-2016:1314",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://quassel-irc.org/node/129"
          },
          {
            "name": "FEDORA-2016-bf916bcc04",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
          },
          {
            "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
          },
          {
            "name": "FEDORA-2016-42f30d76a0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
          },
          {
            "name": "FEDORA-2016-0431acaa78",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-13T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/e678873"
        },
        {
          "name": "openSUSE-SU-2016:1314",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://quassel-irc.org/node/129"
        },
        {
          "name": "FEDORA-2016-bf916bcc04",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
        },
        {
          "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
        },
        {
          "name": "FEDORA-2016-42f30d76a0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
        },
        {
          "name": "FEDORA-2016-0431acaa78",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
            },
            {
              "name": "https://github.com/quassel/quassel/commit/e678873",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/e678873"
            },
            {
              "name": "openSUSE-SU-2016:1314",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
            },
            {
              "name": "http://quassel-irc.org/node/129",
              "refsource": "CONFIRM",
              "url": "http://quassel-irc.org/node/129"
            },
            {
              "name": "FEDORA-2016-bf916bcc04",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
            },
            {
              "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
            },
            {
              "name": "FEDORA-2016-42f30d76a0",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
            },
            {
              "name": "FEDORA-2016-0431acaa78",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4414",
    "datePublished": "2016-06-13T19:00:00.000Z",
    "dateReserved": "2016-04-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:25:14.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8547 (GCVE-0-2015-8547)

Vulnerability from cvelistv5 – Published: 2016-01-08 19:00 – Updated: 2024-08-06 08:20

Summary

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2015-1…	vendor-advisoryx_refsource_SUSE
	https://github.com/quassel/quassel/pull/153	x_refsource_CONFIRM
	https://github.com/quassel/quassel/commit/b8edbda…	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2015/12/12/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/13/1	mailing-listx_refsource_MLIST

Date Public ?

2015-12-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2015:2345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/pull/153"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
          },
          {
            "name": "FEDORA-2016-3bc3d7f66e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
          },
          {
            "name": "FEDORA-2016-7f0b1e47ac",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
          },
          {
            "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
          },
          {
            "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2015:2345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/pull/153"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
        },
        {
          "name": "FEDORA-2016-3bc3d7f66e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
        },
        {
          "name": "FEDORA-2016-7f0b1e47ac",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
        },
        {
          "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
        },
        {
          "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2015:2345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
            },
            {
              "name": "https://github.com/quassel/quassel/pull/153",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/pull/153"
            },
            {
              "name": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
            },
            {
              "name": "FEDORA-2016-3bc3d7f66e",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
            },
            {
              "name": "FEDORA-2016-7f0b1e47ac",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
            },
            {
              "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
            },
            {
              "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8547",
    "datePublished": "2016-01-08T19:00:00.000Z",
    "dateReserved": "2015-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:20:43.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3427 (GCVE-0-2015-3427)

Vulnerability from cvelistv5 – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:47

Summary

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.quassel-irc.org/node/127	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3258	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/74339	vdb-entryx_refsource_BID

Date Public ?

2015-05-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.quassel-irc.org/node/127"
          },
          {
            "name": "DSA-3258",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3258"
          },
          {
            "name": "74339",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74339"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.quassel-irc.org/node/127"
        },
        {
          "name": "DSA-3258",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3258"
        },
        {
          "name": "74339",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74339"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.quassel-irc.org/node/127",
              "refsource": "CONFIRM",
              "url": "http://www.quassel-irc.org/node/127"
            },
            {
              "name": "DSA-3258",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3258"
            },
            {
              "name": "74339",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74339"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3427",
    "datePublished": "2015-05-14T14:00:00.000Z",
    "dateReserved": "2015-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:47:57.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2779 (GCVE-0-2015-2779)

Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24

Summary

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/quassel/quassel/commit/b5e3897…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/74048	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2015/03/28/3	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public ?

2015-02-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
          },
          {
            "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
          },
          {
            "name": "74048",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74048"
          },
          {
            "name": "openSUSE-SU-2015:0687",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
          },
          {
            "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
          },
          {
            "name": "FEDORA-2015-4689",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
          },
          {
            "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
          },
          {
            "name": "FEDORA-2015-4531",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
        },
        {
          "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
        },
        {
          "name": "74048",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74048"
        },
        {
          "name": "openSUSE-SU-2015:0687",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
        },
        {
          "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
        },
        {
          "name": "FEDORA-2015-4689",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
        },
        {
          "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
        },
        {
          "name": "FEDORA-2015-4531",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
            },
            {
              "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
            },
            {
              "name": "74048",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74048"
            },
            {
              "name": "openSUSE-SU-2015:0687",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
            },
            {
              "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
            },
            {
              "name": "FEDORA-2015-4689",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
            },
            {
              "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
            },
            {
              "name": "FEDORA-2015-4531",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2779",
    "datePublished": "2015-04-10T14:00:00.000Z",
    "dateReserved": "2015-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:24:38.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2778 (GCVE-0-2015-2778)

Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24

Summary

Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/quassel/quassel/commit/b5e3897…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/03/28/3	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/73305	vdb-entryx_refsource_BID

Date Public ?

2015-02-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
          },
          {
            "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
          },
          {
            "name": "openSUSE-SU-2015:0687",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
          },
          {
            "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
          },
          {
            "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
          },
          {
            "name": "73305",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73305"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
        },
        {
          "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
        },
        {
          "name": "openSUSE-SU-2015:0687",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
        },
        {
          "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
        },
        {
          "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
        },
        {
          "name": "73305",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73305"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2778",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
            },
            {
              "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
            },
            {
              "name": "openSUSE-SU-2015:0687",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
            },
            {
              "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
            },
            {
              "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
            },
            {
              "name": "73305",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73305"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2778",
    "datePublished": "2015-04-10T14:00:00.000Z",
    "dateReserved": "2015-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:24:38.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3354 (GCVE-0-2011-3354)

Vulnerability from cvelistv5 – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:29

Summary

The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

redhat

References

URL

Tags

	http://osvdb.org/75351	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/45970	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1200-1	vendor-advisoryx_refsource_UBUNTU
	http://bugs.quassel-irc.org/projects/quassel-irc/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/49526	vdb-entryx_refsource_BID
	https://bugs.gentoo.org/show_bug.cgi?id=382313	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.openwall.com/lists/oss-security/2011/09/09/7	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2011/09/08/7	mailing-listx_refsource_MLIST

Date Public ?

2011-09-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "75351",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75351"
          },
          {
            "name": "45970",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45970"
          },
          {
            "name": "USN-1200-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1200-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
          },
          {
            "name": "49526",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49526"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
          },
          {
            "name": "quasselirc-ctcp-dos(69682)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
          },
          {
            "name": "[oss-security] 20110909 Re: CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
          },
          {
            "name": "[oss-security] 20110908 CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "75351",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75351"
        },
        {
          "name": "45970",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45970"
        },
        {
          "name": "USN-1200-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1200-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
        },
        {
          "name": "49526",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49526"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
        },
        {
          "name": "quasselirc-ctcp-dos(69682)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
        },
        {
          "name": "[oss-security] 20110909 Re: CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
        },
        {
          "name": "[oss-security] 20110908 CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3354",
    "datePublished": "2011-10-04T10:00:00.000Z",
    "dateReserved": "2011-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:29:56.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34825 (GCVE-0-2021-34825)

Vulnerability from nvd – Published: 2021-06-17 13:25 – Updated: 2024-08-04 00:26

Summary

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/quassel/quassel/pull/581	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:26:53.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/pull/581"
          },
          {
            "name": "FEDORA-2021-2e2ba6d39f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
          },
          {
            "name": "FEDORA-2021-75cec6e6da",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-30T04:06:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/quassel/quassel/pull/581"
        },
        {
          "name": "FEDORA-2021-2e2ba6d39f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
        },
        {
          "name": "FEDORA-2021-75cec6e6da",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-34825",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/pull/581",
              "refsource": "MISC",
              "url": "https://github.com/quassel/quassel/pull/581"
            },
            {
              "name": "FEDORA-2021-2e2ba6d39f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
            },
            {
              "name": "FEDORA-2021-75cec6e6da",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-34825",
    "datePublished": "2021-06-17T13:25:39.000Z",
    "dateReserved": "2021-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:26:53.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000179 (GCVE-0-2018-1000179)

Vulnerability from nvd – Published: 2018-05-08 15:00 – Updated: 2024-08-05 12:33

Summary

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4189	vendor-advisoryx_refsource_DEBIAN
	https://security.gentoo.org/glsa/201806-04	vendor-advisoryx_refsource_GENTOO
	https://github.com/quassel/quassel/blob/master/sr…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4594-1/	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4189",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4189"
          },
          {
            "name": "GLSA-201806-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201806-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
          },
          {
            "name": "USN-4594-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4594-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-04-30T00:00:00.000Z",
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-26T21:06:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4189",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4189"
        },
        {
          "name": "GLSA-201806-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201806-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
        },
        {
          "name": "USN-4594-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4594-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-04-30T20:15:49.358309",
          "DATE_REQUESTED": "2018-04-23T00:00:00",
          "ID": "CVE-2018-1000179",
          "REQUESTER": "nongiach@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4189",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4189"
            },
            {
              "name": "GLSA-201806-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201806-04"
            },
            {
              "name": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
            },
            {
              "name": "USN-4594-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4594-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000179",
    "datePublished": "2018-05-08T15:00:00.000Z",
    "dateReserved": "2018-04-23T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:33:49.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000178 (GCVE-0-2018-1000178)

Vulnerability from nvd – Published: 2018-05-08 15:00 – Updated: 2024-08-05 12:33

Summary

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4189	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://github.com/quassel/quassel/blob/master/sr…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201806-04	vendor-advisoryx_refsource_GENTOO
	https://i.imgur.com/JJ4QcNq.png	x_refsource_MISC
	https://usn.ubuntu.com/4594-1/	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2018-04-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4189",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4189"
          },
          {
            "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
          },
          {
            "name": "GLSA-201806-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201806-04"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://i.imgur.com/JJ4QcNq.png"
          },
          {
            "name": "USN-4594-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4594-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-04-30T00:00:00.000Z",
      "datePublic": "2018-04-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-26T21:06:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4189",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4189"
        },
        {
          "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
        },
        {
          "name": "GLSA-201806-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201806-04"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://i.imgur.com/JJ4QcNq.png"
        },
        {
          "name": "USN-4594-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4594-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-04-30T20:15:49.357909",
          "DATE_REQUESTED": "2018-04-23T00:00:00",
          "ID": "CVE-2018-1000178",
          "REQUESTER": "nongiach@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4189",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4189"
            },
            {
              "name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
            },
            {
              "name": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
            },
            {
              "name": "GLSA-201806-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201806-04"
            },
            {
              "name": "https://i.imgur.com/JJ4QcNq.png",
              "refsource": "MISC",
              "url": "https://i.imgur.com/JJ4QcNq.png"
            },
            {
              "name": "USN-4594-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4594-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000178",
    "datePublished": "2018-05-08T15:00:00.000Z",
    "dateReserved": "2018-04-23T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:33:49.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-4414 (GCVE-0-2016-4414)

Vulnerability from nvd – Published: 2016-06-13 19:00 – Updated: 2024-08-06 00:25

Summary

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/04/30/4	mailing-listx_refsource_MLIST
	https://github.com/quassel/quassel/commit/e678873	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://quassel-irc.org/node/129	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2016/04/30/2	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public ?

2016-04-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:25:14.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/e678873"
          },
          {
            "name": "openSUSE-SU-2016:1314",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://quassel-irc.org/node/129"
          },
          {
            "name": "FEDORA-2016-bf916bcc04",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
          },
          {
            "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
          },
          {
            "name": "FEDORA-2016-42f30d76a0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
          },
          {
            "name": "FEDORA-2016-0431acaa78",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-13T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/e678873"
        },
        {
          "name": "openSUSE-SU-2016:1314",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://quassel-irc.org/node/129"
        },
        {
          "name": "FEDORA-2016-bf916bcc04",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
        },
        {
          "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
        },
        {
          "name": "FEDORA-2016-42f30d76a0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
        },
        {
          "name": "FEDORA-2016-0431acaa78",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
            },
            {
              "name": "https://github.com/quassel/quassel/commit/e678873",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/e678873"
            },
            {
              "name": "openSUSE-SU-2016:1314",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
            },
            {
              "name": "http://quassel-irc.org/node/129",
              "refsource": "CONFIRM",
              "url": "http://quassel-irc.org/node/129"
            },
            {
              "name": "FEDORA-2016-bf916bcc04",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
            },
            {
              "name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
            },
            {
              "name": "FEDORA-2016-42f30d76a0",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
            },
            {
              "name": "FEDORA-2016-0431acaa78",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4414",
    "datePublished": "2016-06-13T19:00:00.000Z",
    "dateReserved": "2016-04-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:25:14.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8547 (GCVE-0-2015-8547)

Vulnerability from nvd – Published: 2016-01-08 19:00 – Updated: 2024-08-06 08:20

Summary

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2015-1…	vendor-advisoryx_refsource_SUSE
	https://github.com/quassel/quassel/pull/153	x_refsource_CONFIRM
	https://github.com/quassel/quassel/commit/b8edbda…	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2015/12/12/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/13/1	mailing-listx_refsource_MLIST

Date Public ?

2015-12-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2015:2345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/pull/153"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
          },
          {
            "name": "FEDORA-2016-3bc3d7f66e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
          },
          {
            "name": "FEDORA-2016-7f0b1e47ac",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
          },
          {
            "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
          },
          {
            "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2015:2345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/pull/153"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
        },
        {
          "name": "FEDORA-2016-3bc3d7f66e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
        },
        {
          "name": "FEDORA-2016-7f0b1e47ac",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
        },
        {
          "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
        },
        {
          "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2015:2345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
            },
            {
              "name": "https://github.com/quassel/quassel/pull/153",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/pull/153"
            },
            {
              "name": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
            },
            {
              "name": "FEDORA-2016-3bc3d7f66e",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
            },
            {
              "name": "FEDORA-2016-7f0b1e47ac",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
            },
            {
              "name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
            },
            {
              "name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8547",
    "datePublished": "2016-01-08T19:00:00.000Z",
    "dateReserved": "2015-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:20:43.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3427 (GCVE-0-2015-3427)

Vulnerability from nvd – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:47

Summary

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.quassel-irc.org/node/127	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3258	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/74339	vdb-entryx_refsource_BID

Date Public ?

2015-05-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.quassel-irc.org/node/127"
          },
          {
            "name": "DSA-3258",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3258"
          },
          {
            "name": "74339",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74339"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.quassel-irc.org/node/127"
        },
        {
          "name": "DSA-3258",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3258"
        },
        {
          "name": "74339",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74339"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.quassel-irc.org/node/127",
              "refsource": "CONFIRM",
              "url": "http://www.quassel-irc.org/node/127"
            },
            {
              "name": "DSA-3258",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3258"
            },
            {
              "name": "74339",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74339"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3427",
    "datePublished": "2015-05-14T14:00:00.000Z",
    "dateReserved": "2015-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:47:57.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2779 (GCVE-0-2015-2779)

Vulnerability from nvd – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24

Summary

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/quassel/quassel/commit/b5e3897…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/74048	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2015/03/28/3	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public ?

2015-02-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
          },
          {
            "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
          },
          {
            "name": "74048",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74048"
          },
          {
            "name": "openSUSE-SU-2015:0687",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
          },
          {
            "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
          },
          {
            "name": "FEDORA-2015-4689",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
          },
          {
            "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
          },
          {
            "name": "FEDORA-2015-4531",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
        },
        {
          "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
        },
        {
          "name": "74048",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74048"
        },
        {
          "name": "openSUSE-SU-2015:0687",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
        },
        {
          "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
        },
        {
          "name": "FEDORA-2015-4689",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
        },
        {
          "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
        },
        {
          "name": "FEDORA-2015-4531",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
            },
            {
              "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
            },
            {
              "name": "74048",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74048"
            },
            {
              "name": "openSUSE-SU-2015:0687",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
            },
            {
              "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
            },
            {
              "name": "FEDORA-2015-4689",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
            },
            {
              "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
            },
            {
              "name": "FEDORA-2015-4531",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2779",
    "datePublished": "2015-04-10T14:00:00.000Z",
    "dateReserved": "2015-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:24:38.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2778 (GCVE-0-2015-2778)

Vulnerability from nvd – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24

Summary

Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/quassel/quassel/commit/b5e3897…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/03/28/3	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/73305	vdb-entryx_refsource_BID

Date Public ?

2015-02-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
          },
          {
            "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
          },
          {
            "name": "openSUSE-SU-2015:0687",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
          },
          {
            "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
          },
          {
            "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
          },
          {
            "name": "73305",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73305"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
        },
        {
          "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
        },
        {
          "name": "openSUSE-SU-2015:0687",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
        },
        {
          "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
        },
        {
          "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
        },
        {
          "name": "73305",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73305"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2778",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8",
              "refsource": "CONFIRM",
              "url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
            },
            {
              "name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
            },
            {
              "name": "openSUSE-SU-2015:0687",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
            },
            {
              "name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
            },
            {
              "name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
            },
            {
              "name": "73305",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73305"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2778",
    "datePublished": "2015-04-10T14:00:00.000Z",
    "dateReserved": "2015-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:24:38.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3354 (GCVE-0-2011-3354)

Vulnerability from nvd – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:29

Summary

The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

redhat

References

URL

Tags

	http://osvdb.org/75351	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/45970	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1200-1	vendor-advisoryx_refsource_UBUNTU
	http://bugs.quassel-irc.org/projects/quassel-irc/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/49526	vdb-entryx_refsource_BID
	https://bugs.gentoo.org/show_bug.cgi?id=382313	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.openwall.com/lists/oss-security/2011/09/09/7	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2011/09/08/7	mailing-listx_refsource_MLIST

Date Public ?

2011-09-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "75351",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75351"
          },
          {
            "name": "45970",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45970"
          },
          {
            "name": "USN-1200-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1200-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
          },
          {
            "name": "49526",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49526"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
          },
          {
            "name": "quasselirc-ctcp-dos(69682)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
          },
          {
            "name": "[oss-security] 20110909 Re: CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
          },
          {
            "name": "[oss-security] 20110908 CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "75351",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75351"
        },
        {
          "name": "45970",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45970"
        },
        {
          "name": "USN-1200-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1200-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
        },
        {
          "name": "49526",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49526"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
        },
        {
          "name": "quasselirc-ctcp-dos(69682)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
        },
        {
          "name": "[oss-security] 20110909 Re: CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
        },
        {
          "name": "[oss-security] 20110908 CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3354",
    "datePublished": "2011-10-04T10:00:00.000Z",
    "dateReserved": "2011-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:29:56.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

27 vulnerabilities found for quassel by quassel-irc

CVE-2021-34825 (GCVE-0-2021-34825)

CVE-2018-1000179 (GCVE-0-2018-1000179)

CVE-2018-1000178 (GCVE-0-2018-1000178)

CVE-2016-4414 (GCVE-0-2016-4414)

CVE-2015-8547 (GCVE-0-2015-8547)

CVE-2015-3427 (GCVE-0-2015-3427)

CVE-2015-2779 (GCVE-0-2015-2779)

CVE-2015-2778 (GCVE-0-2015-2778)

CVE-2011-3354 (GCVE-0-2011-3354)

CVE-2021-34825 (GCVE-0-2021-34825)

CVE-2018-1000179 (GCVE-0-2018-1000179)

CVE-2018-1000178 (GCVE-0-2018-1000178)

CVE-2016-4414 (GCVE-0-2016-4414)

CVE-2015-8547 (GCVE-0-2015-8547)

CVE-2015-3427 (GCVE-0-2015-3427)

CVE-2015-2779 (GCVE-0-2015-2779)

CVE-2015-2778 (GCVE-0-2015-2778)

CVE-2011-3354 (GCVE-0-2011-3354)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.