Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 30 Apr 2016 14:41:03 +0200
From: Bas Pape <>
Subject: CVE request - Quassel IRC denial of service


It was found that quasselcore is vulnerable to a denial of service
attack by unauthenticated clients. The protocol negotiation did not
take into account lack of a match, in which case
PeerFactory::createPeer returns a nullptr, which is immediately
dereferenced [1].
This issue was introduced in commit d1bf207 [2] (version 0.10.0 and
later), and fixed in commit e678873 [3] (tagged as version 0.12.4).

Can a CVE be assigned to this issue?


Bas Pape (Tucos)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ