Date: Thu, 08 Sep 2011 22:14:25 +0200 From: Alex Legler <a3li@...too.org> To: oss-security@...ts.openwall.com Subject: CVE request: Quassel < 0.7.3 CTCP request core DoS Hi, please assign a CVE for the following issue: CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process certain CTCP requests correctly, allowing a remote attacker connected to the same IRC network as the victim to cause a Denial of Service condition by sending specially crafted CTCP requests. This was demonstrated in various exploits on freenode today. Gentoo tracks the issue in , upstream fix is . Thanks, Alex  https://bugs.gentoo.org/show_bug.cgi?id=382313  http://git.quassel- irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b -- Alex Legler <a3li@...too.org> Gentoo Security / Ruby Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.