oss-sec mailing list archives

Re: CVE request: Quassel < 0.7.3 CTCP request core DoS

From: Josh Bressers <bressers () redhat com>
Date: Fri, 9 Sep 2011 14:04:02 -0400 (EDT)

Please use CVE-2011-3354.

Thanks.

-- 
    JB

----- Original Message -----

Hi,

please assign a CVE for the following issue:
CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not
process
certain CTCP requests correctly, allowing a remote attacker connected
to the
same IRC network as the victim to cause a Denial of Service condition
by
sending specially crafted CTCP requests. This was demonstrated in
various
exploits on freenode today.

Gentoo tracks the issue in [1], upstream fix is [2].

Thanks,
Alex

[1] https://bugs.gentoo.org/show_bug.cgi?id=382313
[2] http://git.quassel-
irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b

--
Alex Legler <a3li () gentoo org>
Gentoo Security / Ruby

Current thread:

CVE request: Quassel < 0.7.3 CTCP request core DoS Alex Legler (Sep 08)
- Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Josh Bressers (Sep 09)