oss-sec mailing list archives
CVE request: Quassel < 0.7.3 CTCP request core DoS
From: Alex Legler <a3li () gentoo org>
Date: Thu, 08 Sep 2011 22:14:25 +0200
Hi, please assign a CVE for the following issue: CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process certain CTCP requests correctly, allowing a remote attacker connected to the same IRC network as the victim to cause a Denial of Service condition by sending specially crafted CTCP requests. This was demonstrated in various exploits on freenode today. Gentoo tracks the issue in [1], upstream fix is [2]. Thanks, Alex [1] https://bugs.gentoo.org/show_bug.cgi?id=382313 [2] http://git.quassel- irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b -- Alex Legler <a3li () gentoo org> Gentoo Security / Ruby
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: Quassel < 0.7.3 CTCP request core DoS Alex Legler (Sep 08)
- Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Josh Bressers (Sep 09)