[v3.0] quassel: out-of-bounds read (CVE-2014-8483)
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows disruption of service
References:
http://seclists.org/oss-sec/2014/q4/448
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8483
Commit:
https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
(from redmine: issue id 3550, created on 2014-11-24, closed on 2015-01-13)
- Relations:
  - parent #3548 (closed)
- Changesets:
  - Revision 8005e9aa by Natanael Copa on 2015-01-13T09:34:48Z:
    main/quassel: security fix for CVE-2014-8483
    fixes #3550