oss-sec mailing list archives
Re: CVE request: denial of service in Quassel
From: cve-assign () mitre org
Date: Sat, 28 Mar 2015 01:44:52 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The second is the core crash caused by sending an overlength CTCP query ("/me") containing only multibyte characters. This bug was caused by the old CTCP splitter using the byte index from lastParamOverrun() as a character index for a QString.
This seems to be, very roughly, an issue of incorrectly determining a data-structure length by using a wrong-sized data type for counting. It happens to be about multibyte characters but that's of secondary importance. This will almost certainly have a unique CVE ID ...
Use CVE-2015-2778.
Unlike what it replaces, the new splitting code is not recursive and cannot cause stack overflows.
But, be it a crash or a hang, it would cause a denial of service for any client connected to core.
Use CVE-2015-2779.
The first is garbage characters caused by accidentally splitting the string in the middle of a multibyte character.
As suggested earlier, this has no CVE ID.
if it is unable to split a string, it will give up gracefully and not crash the core or cause a thread to run away.
As suggested earlier, this has no CVE ID. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVFj9MAAoJEKllVAevmvmshfkH/0fpuId3QRMrFZW+S6Of4+Lc jRGjVNJDUVnSkkIvAPFtSpRZv0Xwx/Tff255Nx4OByaNGpVv6ocrdggHKXhxQq4G AMD2qNpBuIx7esTqTA40w6B70GPQOZF35+nOzNP0tsK7SFI+cPmyfDY/sB2JCzP2 fAmyCzX2JD1G9I7/5OyrhCYlV0RySzuMjdSC/LD0ikdEwkNP9V/IKm5HeufYvvyh BAQKItg1kRsKIVFMajTU2oXEqrPVTXsj/dNI6u6fpwOwidxv5jdBw0ggWFeAyb5W UYlRDPVBjMiMox5tLqC+2yC3vkykkBVlNgE1BBGQOmkBpgEQnzz8iQfJPSybw9w= =czV4 -----END PGP SIGNATURE-----
Current thread:
- CVE request: denial of service in Quassel Pierre Schweitzer (Mar 20)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
- Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
- Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)