CVE-2016-4414 — Quassel vulnerability

7 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.9%

top 13.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Quassel-irc Quassel Debian Quassel Fedoraproject Fedora +2 more

Timeline

PublishedJun 13

Latest updateMay 14

Description

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/quassel< quassel 1:0.12.4-2 (bookworm)

▶Debianquassel-irc/quassel< 1:0.12.4-2+3

▶NVDquassel-irc/quassel0.12.3

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Fedora 22, 23, 24

🔴Vulnerability Details

GHSA

GHSA-r62h-rf3r-q857: The onReadyRead function in core/coreauthhandler↗2022-05-14

▶

OSV

CVE-2016-4414: The onReadyRead function in core/coreauthhandler↗2016-06-13

▶

📋Vendor Advisories

Debian

CVE-2016-4414: quassel - The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 al...↗2016

▶

💬Community

Bugzilla

CVE-2016-4414 quassel: IRC denial of service [epel-7]↗2016-05-02

▶

Bugzilla

CVE-2016-4414 quassel: IRC denial of service↗2016-05-02

▶

Bugzilla

CVE-2016-4414 quassel: IRC denial of service [fedora-all]↗2016-05-02

▶