Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 08 Sep 2011 22:14:25 +0200
From: Alex Legler <a3li@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: Quassel < 0.7.3 CTCP request core DoS

Hi,

please assign a CVE for the following issue:
CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process
certain CTCP requests correctly, allowing a remote attacker connected to the
same IRC network as the victim to cause a Denial of Service condition by
sending specially crafted CTCP requests. This was demonstrated in various
exploits on freenode today.

Gentoo tracks the issue in [1], upstream fix is [2].

Thanks,
Alex

[1] https://bugs.gentoo.org/show_bug.cgi?id=382313
[2] http://git.quassel-
irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b

-- 
Alex Legler <a3li@...too.org>
Gentoo Security / Ruby
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.