Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 30 Apr 2016 15:04:32 -0400 (EDT)
From: cve-assign@...re.org
To: baspape@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - Quassel IRC denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> It was found that quasselcore is vulnerable to a denial of service
> attack by unauthenticated clients. The protocol negotiation did not
> take into account lack of a match, in which case
> PeerFactory::createPeer returns a nullptr, which is immediately
> dereferenced
> 
> https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746

Use CVE-2016-4414.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXJQFQAAoJEHb/MwWLVhi2ZcAP/1LyyMKO4YOzrX0HmWXqANyu
75tmS0QUrp1EZrMNw3phenr3FdBhpPUDfYNkqXxdR/fqfJG+yMdtW3CCnK7dxqgs
iZuDqqohyTNLPHl78KJndAtMmmGfmMy8ZRB7NCqPTBomEGrM1unELYSYMTDEF9PE
SO5m6Y8PlEJmP9c7wJeUagR32uvpeFHlNY3KzYptSYR5gEHVAZp28m912OEn1grg
nywB0MSld+JdDL1FDHd/WEP8KBTtbLawxhC+/BY20Un5IY/1O1iSLUoz2uxn8pmM
XrEKiylU+L3ifjgoP1vz00ndg160RQs+RUltJqst4yfWzjdYlWOfSqyPGenaRr0g
JclOiQzr4PnzVuESYe/1VscGnvviJceew1VmQ9/M1ocR1M3AhCjAP373n9iitCCE
fKM8PAxU5YD0Cz/XYsmZjfdKRO0WW2PZ8PTTEPtw/Ls9Q7b7tA5+xmL9zlqznhOj
Oe1IQ8fnOXIi+SGHZZVWA+ViNjHaJ9fZXsAGAcNrUlHHnlijWo6rG/GmRk0oFEAn
F2KnPoqBrx56sLWEPcpBimaKIDTz9kuU6NTd3qVZTQ23AQxbtc9Ka2X1J+L7fIsD
TK3L/2vJkVRTLL/kboGApuoHCFGHLfzea+h5EFXvMD+l9XBNS2Q+52PQ3Nh9PvDV
X+2oUb7pXqhymaQX4Zvc
=ZaBE
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ