
CVE-2015-3427

Published: 14/05/2015 Updated: 06/12/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Quassel prior to 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote malicious users to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

Vulnerable Products

quassel-irc quassel

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #783926 quassel: Incomplete fix for CVE-2013-4422. Package: src:quassel; Maintainer for src:quassel is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 1 May 2015 10:48:02 UTC; Severity: important; Tags: fixed-upst ...
It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection (e.g. when the backend PostgreSQL server is restarted). For the stable distribution (jessie), this problem has been fixed in version 1:0.10.0-2.3+deb8u1. For the ...