Date: Sat, 30 Apr 2016 14:41:03 +0200 From: Bas Pape <baspape@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request - Quassel IRC denial of service Hi, It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match, in which case PeerFactory::createPeer returns a nullptr, which is immediately dereferenced . This issue was introduced in commit d1bf207  (version 0.10.0 and later), and fixed in commit e678873  (tagged as version 0.12.4). Can a CVE be assigned to this issue?  https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100  https://github.com/quassel/quassel/commit/d1bf207  https://github.com/quassel/quassel/commit/e678873 -- Bas Pape (Tucos)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.