oss-sec mailing list archives
Re: CVE request: Remote DoS in Quassel
From: cve-assign () mitre org
Date: Sat, 12 Dec 2015 22:15:25 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Any client sending the command "/op *" in a query will cause the Quassel core to crash. https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7
src/core/coreuserinputhandler.cpp CoreUserInputHandler::doMode - if (nicks == "*") { // All users in channel + if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
Use CVE-2015-8547. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWbOHTAAoJEL54rhJi8gl5KiYP/0eSHJkLoJoBfBr/ZgnkNfoz 1Uuz+n9AKamkpQvS780X4eABVjsByf0hhz4G/QnZb5u4cQzlCi403q3kBROb/mbz 8hTWYSJKSIwxNT501Go6CPFbL3aP0oIOl1PF6BiV8BCRN7MVTPlkoYH4WfbnhZP9 0mknvcmKFF9XvRuIHfrVb/QhDMTvXo3xeyXs5pDtOqKLulScS5xktpM9y4YixtP4 OimugFmh7/IzYjKOh7D9Z3qnMmzGyteo6aA1Fe+qkbxDFEDVI9cE4qHgM0bA0xlM jcblzgfkhgXwh5jeqSikeW3xiTs5ixRvDDKtuo6QIknCR6w+EE/3IGhkmfjIWcGP jRfjGLTgKmLZVpyeTRo9Bo8QhP6n7y/O4iWmxMB9VvBzZUTxmjGb22uM0EPe8IfL efwa7MiY8ccExmgbAh7rqpWEq5O0rDM8EC3YWOXyz54wZ6Szw3TMdk5Ql7P7rtG0 d70b9iq9TdndyzSCz//ol7d9YPvm3zU+wMLYQuSoLtzCHb74qlp9aJWh/+EK0qKr w0eNSBfgzp/UfBFN+tmrySu0uzXio9hyOtmIdZTStJ6u7nPry0ZZHFYlHkFDqPZD IhZYQaJbXwBQ6o+rcdU/dt6y8pL6k2xFjimwRtE+regiCXLI08XpetqO25INRyN2 QAR9gUDfDaKbhCtVBLld =XTOC -----END PGP SIGNATURE-----
Current thread:
- CVE request: Remote DoS in Quassel Pierre Schweitzer (Dec 12)
- Re: CVE request: Remote DoS in Quassel cve-assign (Dec 12)