oss-sec mailing list archives

CVE request: Quassel < 0.7.3 CTCP request core DoS

From: Alex Legler <a3li () gentoo org>
Date: Thu, 08 Sep 2011 22:14:25 +0200

Hi,

please assign a CVE for the following issue:
CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process
certain CTCP requests correctly, allowing a remote attacker connected to the
same IRC network as the victim to cause a Denial of Service condition by
sending specially crafted CTCP requests. This was demonstrated in various
exploits on freenode today.

Gentoo tracks the issue in [1], upstream fix is [2].

Thanks,
Alex

[1] https://bugs.gentoo.org/show_bug.cgi?id=382313
[2] http://git.quassel-
irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b

-- 
Alex Legler <a3li () gentoo org>
Gentoo Security / Ruby

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE request: Quassel < 0.7.3 CTCP request core DoS Alex Legler (Sep 08)
- Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Josh Bressers (Sep 09)