Published: 08/05/2018 Updated: 26/10/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an malicious user to cause a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
quassel-irc quassel 0.12.4
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #896915 quassel: CVE-2018-1000179: Reject clients that attempt to login before the core is configured Package: src:quassel; Maintainer for src:quassel is Debian KDE Extras Team <pkg-kde-extras@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 25 Apr 201 ...

Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service Note that you need to restart the quasselcore service after upgrading the Quassel packages For the oldstable distribution (jessie), these problems have been fixed in version 1:0100-23+deb8u4 For the stable distr ...

CWE-476 https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236 https://www.debian.org/security/2018/dsa-4189 https://security.gentoo.org/glsa/201806-04 https://usn.ubuntu.com/4594-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896915 https://nvd.nist.gov https://www.debian.org/security/./dsa-4189

CVE-2018-1000179

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect