oss-sec mailing list archives

Re: CVE request: denial of service in Quassel

From: Pierre Schweitzer <pierre () reactos org>
Date: Fri, 27 Mar 2015 09:55:25 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ping, in case it got missed.

On 03/20/2015 05:22 PM, Pierre Schweitzer wrote:

Dear all,

The following commit fixed a denial of service in quassel: 
https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8

 It allows a connected client to cause a core crash by sending a
CTCP request which would be too long and multibyte.

This is mitigated by the fact that it requires an authed user.

With my best regards,


- -- 
Pierre Schweitzer <pierre () reactos org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVFRr9AAoJEHVFVWw9WFsLir0QAIqV2Uv8vGbm4mRE6BcfoOcA
jKVEQJcOghqa/vW4TUf6qLnV6knshfLTIfFwa/d8xRtXDSgChxHaoMIGiMn8hc2p
0Lze6ZU5mDVYFAoMVCLje44m93+sdx3ak8dN2WriqtaibgmWhsbfp8GmfC4Nvy/G
/HpJSkWJoDMz3+QCeQ3qvreWGNjK7D+yLbcbbAcRS1sCbWLcdjYAncUjxzIqPcqv
CyIlw6DLhIYf4gyYxsE6+TfnIvjFHXYcdFpEsaNsk264nzK+26tMc3gs7gVQeIKS
e1o1NHnKg4xpnniIZcB8NHM/IfW3ajiKeZXJ3X3PDF9S8OKhJhVbEAtAIGaqCLhU
OVrKFC1ABWB7hvNvkN935xtbFrku40RfHc9+FF0O6IfXXo9KvsNkRdns0P5zm4rt
D/kitViV53iiVBIOaaw0AMP1icdiluGuOfGPMUjvn6lhLNbqRGCIlvtzeMEujyFe
Eh5ztdirEY3YGvX7tfWLw7aVm8qVCl9IdRmGnAWndSOc0vvDr0yGIYHBLaCxsmsg
f281yyGtoM48p40/D+d0ZQxloKWl/2tpm7meY7pz8F91uaPkJGv6YMRQurdX+gTP
TzF3LYhCowWy1xGR20OwrCgieYwOgRu5noNUQXEdRSyoqEh24Kbd3WHRYvVCQaE9
8XTnWCyI7ViOMgeWcglZ
=5R72
-----END PGP SIGNATURE-----

Current thread:

CVE request: denial of service in Quassel Pierre Schweitzer (Mar 20)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
- Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
  - Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
    - Re: CVE request: denial of service in Quassel cve-assign (Mar 27)