Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: Quassel < 0.7.3 CTCP request core DoS
From: Alex Legler <a3li () gentoo org>
Date: Thu, 08 Sep 2011 22:14:25 +0200


please assign a CVE for the following issue:
CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process
certain CTCP requests correctly, allowing a remote attacker connected to the
same IRC network as the victim to cause a Denial of Service condition by
sending specially crafted CTCP requests. This was demonstrated in various
exploits on freenode today.

Gentoo tracks the issue in [1], upstream fix is [2].


[1] https://bugs.gentoo.org/show_bug.cgi?id=382313
[2] http://git.quassel-

Alex Legler <a3li () gentoo org>
Gentoo Security / Ruby

Attachment: signature.asc
Description: This is a digitally signed message part.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]