oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: denial of service in Quassel

From: Pierre Schweitzer <pierre () reactos org>
Date: Fri, 20 Mar 2015 17:22:53 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all,

The following commit fixed a denial of service in quassel:
https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8

It allows a connected client to cause a core crash by sending a CTCP
request which would be too long and multibyte.

This is mitigated by the fact that it requires an authed user.

With my best regards,
- -- 
Pierre Schweitzer <pierre () reactos org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVDEldAAoJEHVFVWw9WFsLeaQP/0zUGaXiZUsJRbZod5ZqrMXb
oUJ+FVfhDTyWZNFbyNb6Pi76STyQHCZwggzR90ay/oBqn7toya9SLHASamjHSBY4
VeJI7q+KaM2/T9YwTVMU0WLB6gPjkR4/jQf0aE1Fdf5yRGejybybA5ffdvbJjYSs
du+uwsWOCztIohbm9vAH+bQCIPD+BjJzpAgsJ88SgfGMa3JZSah1pYfKh4StesYR
7SCx/R6WTJBqrrnfvUldUdcvF/5S8LGOtJoTAZi2QJZNZNBmZhntJ9QadCWuYTfX
mcxRZVuZrmcZ5mH4jiP4J8KoFdGzoHO4mTT2vc8g8EGkGcQ8aflAbA9Ngg4z/vyR
yZT0A+4fEYH5qh1QyIYiz2j+i4GXshcr/hS+NKStb30inj8fE5fnN8OAMjOPxd7O
gVZJv38XHurPtCDUuo/BTWX2CKgyRvikK33sJXN0eDx/tQCnMk+W+g1Ur+ujCgpO
vPW/Sv+301goGHZoobmWBic0gR2zUFeb/8FbTBnqA979DzUUCY712P/TX6vvhwnB
oryfwvuLNPGjsbT2KyLi9u3jyJnO5dAw2gmFsVSz2hk+874kkuV/cYq28HEdLTe/
1kSbEkEBZx7y5ksUZzp514j9RUUGNK/ZXZZz9GJkIEDlO19pmF/7SpgdFW/de6Kr
Jpv+YbGqoIljb8c79IbX
=GmZ8
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: