Message-ID: <CAMoU6ub=LxvthwhbL-xW-GT5UWWqJC7nZgMV7JQznghnwqQpLQ@mail.gmail.com>
Date: Fri, 24 Oct 2014 12:39:10 +0200
From: Bas Pape <baspape@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Vulnerability fixed in Quassel?

Hi,

> It appears to me that this is a vulnerability in the Quassel-core
> which allows clients to remotely crash the core and thus cause a
> denial of service using ill-formed messages.
>
> Would it deserve a CVE and/or fixes in distributions which ship it?
> I'm not affiliated in any kind with that project, so I might not have
> enough information regarding this fix, nor legitimity to request a
> CVE for this.

I think it does deserve a CVE, because it's an instance of CWE-125.
The problem is a max 11-byte out-of-bounds read on a heap-allocated
array. For debug builds this trips an assert in Qt (resulting in denial
of service), otherwise it's an information leak to the user of Quassel
(who may or may not be trusted).

Should a CVE be assigned, note that Quassel took the code (cipher.cpp)
from Konversation, and the same issue has been reported there [1].

-- 
Bas Pape (Tucos)