oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: Remote DoS in Quassel

From: cve-assign () mitre org
Date: Sat, 12 Dec 2015 22:15:25 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Any client sending the command "/op *" in a query will cause the Quassel
core to crash.

https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7



src/core/coreuserinputhandler.cpp

CoreUserInputHandler::doMode

- if (nicks == "*") { // All users in channel
+ if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel


Use CVE-2015-8547.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWbOHTAAoJEL54rhJi8gl5KiYP/0eSHJkLoJoBfBr/ZgnkNfoz
1Uuz+n9AKamkpQvS780X4eABVjsByf0hhz4G/QnZb5u4cQzlCi403q3kBROb/mbz
8hTWYSJKSIwxNT501Go6CPFbL3aP0oIOl1PF6BiV8BCRN7MVTPlkoYH4WfbnhZP9
0mknvcmKFF9XvRuIHfrVb/QhDMTvXo3xeyXs5pDtOqKLulScS5xktpM9y4YixtP4
OimugFmh7/IzYjKOh7D9Z3qnMmzGyteo6aA1Fe+qkbxDFEDVI9cE4qHgM0bA0xlM
jcblzgfkhgXwh5jeqSikeW3xiTs5ixRvDDKtuo6QIknCR6w+EE/3IGhkmfjIWcGP
jRfjGLTgKmLZVpyeTRo9Bo8QhP6n7y/O4iWmxMB9VvBzZUTxmjGb22uM0EPe8IfL
efwa7MiY8ccExmgbAh7rqpWEq5O0rDM8EC3YWOXyz54wZ6Szw3TMdk5Ql7P7rtG0
d70b9iq9TdndyzSCz//ol7d9YPvm3zU+wMLYQuSoLtzCHb74qlp9aJWh/+EK0qKr
w0eNSBfgzp/UfBFN+tmrySu0uzXio9hyOtmIdZTStJ6u7nPry0ZZHFYlHkFDqPZD
IhZYQaJbXwBQ6o+rcdU/dt6y8pL6k2xFjimwRtE+regiCXLI08XpetqO25INRyN2
QAR9gUDfDaKbhCtVBLld
=XTOC
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: