Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Mar 2015 17:22:53 +0100
From: Pierre Schweitzer <pierre@...ctos.org>
To: OSS Security List <oss-security@...ts.openwall.com>, 
 cve-assign@...re.org
Subject: CVE request: denial of service in Quassel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all,

The following commit fixed a denial of service in quassel:
https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8

It allows a connected client to cause a core crash by sending a CTCP
request which would be too long and multibyte.

This is mitigated by the fact that it requires an authed user.

With my best regards,
- -- 
Pierre Schweitzer <pierre@...ctos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVDEldAAoJEHVFVWw9WFsLeaQP/0zUGaXiZUsJRbZod5ZqrMXb
oUJ+FVfhDTyWZNFbyNb6Pi76STyQHCZwggzR90ay/oBqn7toya9SLHASamjHSBY4
VeJI7q+KaM2/T9YwTVMU0WLB6gPjkR4/jQf0aE1Fdf5yRGejybybA5ffdvbJjYSs
du+uwsWOCztIohbm9vAH+bQCIPD+BjJzpAgsJ88SgfGMa3JZSah1pYfKh4StesYR
7SCx/R6WTJBqrrnfvUldUdcvF/5S8LGOtJoTAZi2QJZNZNBmZhntJ9QadCWuYTfX
mcxRZVuZrmcZ5mH4jiP4J8KoFdGzoHO4mTT2vc8g8EGkGcQ8aflAbA9Ngg4z/vyR
yZT0A+4fEYH5qh1QyIYiz2j+i4GXshcr/hS+NKStb30inj8fE5fnN8OAMjOPxd7O
gVZJv38XHurPtCDUuo/BTWX2CKgyRvikK33sJXN0eDx/tQCnMk+W+g1Ur+ujCgpO
vPW/Sv+301goGHZoobmWBic0gR2zUFeb/8FbTBnqA979DzUUCY712P/TX6vvhwnB
oryfwvuLNPGjsbT2KyLi9u3jyJnO5dAw2gmFsVSz2hk+874kkuV/cYq28HEdLTe/
1kSbEkEBZx7y5ksUZzp514j9RUUGNK/ZXZZz9GJkIEDlO19pmF/7SpgdFW/de6Kr
Jpv+YbGqoIljb8c79IbX
=GmZ8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.