oss-sec mailing list archives

Re: Vulnerability fixed in Quassel?


From: Bas Pape <baspape () gmail com>
Date: Fri, 24 Oct 2014 12:39:10 +0200

Hi,

It appears to me that this is a vulnerability in the Quassel-core
which allows clients to remotely crash the core and thus cause a
denial of service using ill-formed messages.

Would it deserve a CVE and/or fixes in distributions which ship it?
I'm not affiliated in any way with that project, so I might not have
enough information regarding this fix, nor legitimacy to request a
CVE for this.

I think it does deserve a CVE, because it's an instance of CWE-125.
The problem is a max 11-byte out-of-bounds read on a heap-allocated
array. For debug builds this trips an assert in Qt (resulting in
denial of service), otherwise it's an information leak to the user of
Quassel (who may or may not be trusted).

Should a CVE be assigned, note that Quassel took the code (cipher.cpp)
from Konversation, and the same issue has been reported there [1].

-- 
Bas Pape (Tucos)
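The bug class described above (CWE-125: an unchecked trailing partial block makes the decoder read up to one block minus one byte past the heap buffer, and whatever it reads is handed to the user) as an added illustration; this is not Quassel's or Konversation's cipher.cpp. It assumes a 12-byte block size, which is what makes the maximum over-read 11 bytes, and uses a trivial stand-in for the cipher step:

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

constexpr std::size_t kBlock = 12;        // assumed block size (see lead-in)
constexpr std::uint8_t kSentinel = 0xEE;  // stands in for neighbouring heap data

// Stand-in for the per-byte cipher step; the real transform is irrelevant here.
static std::uint8_t step(std::uint8_t b) { return static_cast<std::uint8_t>(b ^ 0x5A); }

// Unchecked pattern: rounds msg_len up to whole blocks and reads every block.
// The message is the first msg_len bytes of 'backing'; the rest of 'backing'
// plays the role of adjacent heap memory so the over-read stays defined
// behaviour in this demo (in real code it is a genuine out-of-bounds read,
// which a debug-build bounds assertion turns into a crash).
Bytes decode_unchecked(const Bytes& backing, std::size_t msg_len) {
    Bytes out;
    std::size_t blocks = (msg_len + kBlock - 1) / kBlock;  // rounds up
    for (std::size_t off = 0; off < blocks * kBlock; ++off)
        out.push_back(step(backing.at(off)));   // off may reach msg_len + 11
    return out;
}

// Hardened version: reject ill-formed input before touching any byte and
// never index past msg.size(). Returns false instead of over-reading.
bool decode_checked(const Bytes& msg, Bytes& out) {
    out.clear();
    if (msg.empty() || msg.size() % kBlock != 0) return false;
    for (std::uint8_t b : msg) out.push_back(step(b));
    return true;
}

// Convenience probe: does the hardened decoder accept a message of this length?
bool checked_accepts(std::size_t len) {
    Bytes out;
    return decode_checked(Bytes(len, 0x01), out);
}

// Builds a 13-byte message (one byte past a whole block) followed by sentinel
// bytes and returns how many output bytes the unchecked decoder produced from
// beyond the message, i.e. how many bytes of "heap" leaked: 11.
std::size_t demo() {
    const std::size_t msg_len = 13;
    Bytes backing(msg_len + kBlock, kSentinel);
    for (std::size_t i = 0; i < msg_len; ++i) backing[i] = static_cast<std::uint8_t>(i);
    Bytes out = decode_unchecked(backing, msg_len);
    return out.size() - msg_len;
}
```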
