⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2011-3354: Quassel vulnerability

CWE-399 | 5 documents | 5 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 1.6% (top 18.10%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Oct 4
Latest update: May 17

Description

The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/quassel, < quassel 0.7.3-1 (bookworm)
Debian: quassel-irc/quassel, < 0.7.3-1 (+3)
NVD: quassel-irc/quassel, 0.7.2 (+13)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-6pg7-8crq-hwmr: The CtcpParser::packedReply method in core/ctcpparser (2022-05-17)
OSV: CVE-2011-3354: The CtcpParser::packedReply method in core/ctcpparser (2011-10-04)

📋 Vendor Advisories (1)

Debian: CVE-2011-3354: quassel - The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.... (2011)

💬 Community (1)

Bugzilla: CVE-2011-3354 quassel: invalid CTCP handling causes DoS (2011-09-08)