FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
499f6b41-58db-4f98-b8e7-da8c18985edaquassel -- multiple vulnerabilities

Gentoo reports:

quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution.

  • Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol.
  • Description: In Qdatastream protocol each object is prepended with 4 bytes for the object size, this can be used to trigger allocation errors.

quasselcore DDOS

  • Severity: low, only impacts unconfigured quasselcore instances.
  • Description: A login attempt causes a NULL pointer dereference when the database is not initialized.

Discovery 2018-04-24
Entry 2018-04-26
quassel
< 0.12.5

quassel-core
< 0.12.5

https://bugs.gentoo.org/653834
https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e
https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b