CVE-2018-1000178

Published: 08/05/2018 Updated: 26/10/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A heap corruption vulnerability of type CWE-120 exists in quasselcore in Quassel version 0.12.4, in void DataStreamPeer::processMessage(const QByteArray &msg) (datastreampeer.cpp, line 62), that allows a malicious user to execute code remotely.

Vulnerable Product

quassel-irc quassel 0.12.4

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #896914 quassel: CVE-2018-1000178: Implement custom deserializer to add our own sanity checks. Package: src:quassel; Maintainer for src:quassel is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 25 Apr 2018 19:03: ...

Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service. Note that you need to restart the quasselcore service after upgrading the Quassel packages. For the oldstable distribution (jessie), these problems have been fixed in version 1:0.10.0-2.3+deb8u4. For the stable distr ...