oss-sec mailing list archives
Re: Vulnerability fixed in Quassel?
From: Bas Pape <baspape () gmail com>
Date: Fri, 24 Oct 2014 12:39:10 +0200
Hi,
> It appears to me that this is a vulnerability in the Quassel-core which allows clients to remotely crash the core and thus cause a denial of service using ill-formed messages. Would it deserve a CVE and/or fixes in distributions which ship it? I'm not affiliated in any kind with that project, so I might not have enough information regarding this fix, nor legitimacy to request a CVE for this.
I think it does deserve a CVE, because it's an instance of CWE-125. The problem is a max 11-byte out-of-bounds read on a heap-allocated array. For debug builds this trips an assert in Qt (resulting in denial of service), otherwise it's an information leak to the user of Quassel (who may or may not be trusted).
Should a CVE be assigned, note that Quassel took the code (cipher.cpp) from Konversation, and the same issue has been reported there [1].
--
Bas Pape (Tucos)