CVE-2014-8483 — Out-of-bounds Read in Quassel

CWE-125 — Out-of-bounds Read7 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

3.2%

top 12.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Konversation Quassel-irc Quassel Debian Konversation +5 more

Timeline

PublishedNov 6

Latest updateMay 14

Description

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶debiandebian/quassel< konversation 1.5-2 (bookworm)

▶Debianquassel-irc/quassel< 0.10.0-2.1+3

▶NVDquassel-irc/quassel_irc0.10.0

▶debiandebian/konversation< konversation 1.5-2 (bookworm)

▶Debiankonversation/konversation< 1.5-2+3

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-vgxr-2jwm-83q2: The blowfishECB function in core/cipher↗2022-05-14

▶

OSV

CVE-2014-8483: The blowfishECB function in core/cipher↗2014-11-06

▶

📋Vendor Advisories

Ubuntu

Konversation vulnerability↗2014-11-10

▶

Debian

CVE-2014-8483: konversation - The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote ...↗2014

▶

💬Community

Bugzilla

konversation: out-of-bounds read flaw↗2014-10-27

▶

Bugzilla

CVE-2014-8483 quassel, konversation: out-of-bounds read on a heap-allocated array↗2014-10-24

▶