Date: Sat, 30 Apr 2016 14:41:03 +0200 From: Bas Pape <baspape@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request - Quassel IRC denial of service Hi, It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match, in which case PeerFactory::createPeer returns a nullptr, which is immediately dereferenced . This issue was introduced in commit d1bf207  (version 0.10.0 and later), and fixed in commit e678873  (tagged as version 0.12.4). Can a CVE be assigned to this issue?  https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100  https://github.com/quassel/quassel/commit/d1bf207  https://github.com/quassel/quassel/commit/e678873 -- Bas Pape (Tucos)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ