oss-sec mailing list archives
Re: CVE request: Quassel < 0.7.3 CTCP request core DoS
From: Josh Bressers <bressers () redhat com>
Date: Fri, 9 Sep 2011 14:04:02 -0400 (EDT)
Please use CVE-2011-3354.

Thanks.

--
JB

----- Original Message -----
Hi,

please assign a CVE for the following issue:

CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process certain CTCP requests correctly, allowing a remote attacker connected to the same IRC network as the victim to cause a Denial of Service condition by sending specially crafted CTCP requests.

This was demonstrated in various exploits on freenode today.

Gentoo tracks the issue in [1], upstream fix is [2].

Thanks,
Alex

[1] https://bugs.gentoo.org/show_bug.cgi?id=382313
[2] http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b

--
Alex Legler <a3li () gentoo org>
Gentoo Security / Ruby
Current thread:
- CVE request: Quassel < 0.7.3 CTCP request core DoS Alex Legler (Sep 08)
- Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Josh Bressers (Sep 09)