FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
499f6b41-58db-4f98-b8e7-da8c18985edaquassel -- multiple vulnerabilities

Gentoo reports:

quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution.

  • Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol.
  • Description: In Qdatastream protocol each object is prepended with 4 bytes for the object size, this can be used to trigger allocation errors.

quasselcore DDOS

  • Severity: low, only impacts unconfigured quasselcore instances.
  • Description: A login attempt causes a NULL pointer dereference when the database is not initialized.

Discovery 2018-04-24
Entry 2018-04-26
quassel
< 0.12.5

quassel-core
< 0.12.5

https://bugs.gentoo.org/653834
https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e
https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b
7d64d00c-43e3-11e6-ab34-002590263bf5quassel -- remote denial of service

Mitre reports:

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.


Discovery 2016-04-24
Entry 2016-07-07
quassel
< 0.12.4

CVE-2016-4414
http://quassel-irc.org/node/129
https://github.com/quassel/quassel/commit/e678873
http://www.openwall.com/lists/oss-security/2016/04/30/2
http://www.openwall.com/lists/oss-security/2016/04/30/4