CVE-2010-3443 — Quassel vulnerability

CWE-3996 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 21.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Quassel-irc Quassel Debian Quassel Quassel-irc Quassel IRC +1 more

Timeline

PublishedNov 23

Latest updateMay 17

Description

ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/quassel< quassel 0.7.1-1 (bookworm)

▶Debianquassel-irc/quassel< 0.7.1-1+3

▶NVDquassel-irc/quassel_irc0.6.2+13

Also affects: Ubuntu Linux 10.04, 9.04, 9.10

Patches

Patch: quassel-irc.org ↗Patch: quassel-irc.org ↗

🔴Vulnerability Details

GHSA

GHSA-gcm5-mx9r-f9mm: ctcphandler↗2022-05-17

▶

OSV

CVE-2010-3443: ctcphandler↗2013-11-23

▶

📋Vendor Advisories

Debian

CVE-2010-3443: quassel - ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote att...↗2010

▶

💬Community

Bugzilla

CVE-2010-3443 quassel: multiple CTCP requests may lead to DoS [fedora-all]↗2010-09-23

▶

Bugzilla

CVE-2010-3443 quassel: multiple CTCP requests may lead to DoS↗2010-09-23

▶