CVE-2015-8547 — Quassel vulnerability

CWE-177 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.4%

top 15.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Quassel-irc Quassel Debian Quassel Opensuse Leap +1 more

Timeline

PublishedJan 8

Latest updateMay 14

Description

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/quassel< quassel 1:0.12.2-3 (bookworm)

▶Debianquassel-irc/quassel< 1:0.12.2-3+3

▶NVDquassel-irc/quassel0.10.0

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-3c22-99pq-qjv4: The CoreUserInputHandler::doMode function in core/coreuserinputhandler↗2022-05-14

▶

OSV

CVE-2015-8547: The CoreUserInputHandler::doMode function in core/coreuserinputhandler↗2016-01-08

▶

📋Vendor Advisories

Debian

CVE-2015-8547: quassel - The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Qu...↗2015

▶

💬Community

Bugzilla

CVE-2015-8547 quassel: Remotely triggered DoS on a Quassel core↗2015-12-14

▶

Bugzilla

CVE-2015-8547 quassel: Remotely triggered DoS on a Quassel core [fedora-all]↗2015-12-14

▶

Bugzilla

CVE-2015-8547 quassel: Remotely triggered DoS on a Quassel core [epel-all]↗2015-12-14

▶