FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7d64d00c-43e3-11e6-ab34-002590263bf5	quassel -- remote denial of service Mitre reports: The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. Discovery 2016-04-24 Entry 2016-07-07 quassel < 0.12.4 CVE-2016-4414 http://quassel-irc.org/node/129 https://github.com/quassel/quassel/commit/e678873 http://www.openwall.com/lists/oss-security/2016/04/30/2 http://www.openwall.com/lists/oss-security/2016/04/30/4
499f6b41-58db-4f98-b8e7-da8c18985eda	quassel -- multiple vulnerabilities Gentoo reports: quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution. Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol. Description: In Qdatastream protocol each object is prepended with 4 bytes for the object size, this can be used to trigger allocation errors. quasselcore DDOS Severity: low, only impacts unconfigured quasselcore instances. Description: A login attempt causes a NULL pointer dereference when the database is not initialized. Discovery 2018-04-24 Entry 2018-04-26 quassel < 0.12.5 quassel-core < 0.12.5 https://bugs.gentoo.org/653834 https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b

VuXML ID

Description

7d64d00c-43e3-11e6-ab34-002590263bf5

quassel -- remote denial of service

Mitre reports:

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

Discovery 2016-04-24
Entry 2016-07-07
quassel

< 0.12.4

CVE-2016-4414
http://quassel-irc.org/node/129
https://github.com/quassel/quassel/commit/e678873
http://www.openwall.com/lists/oss-security/2016/04/30/2
http://www.openwall.com/lists/oss-security/2016/04/30/4

499f6b41-58db-4f98-b8e7-da8c18985eda

quassel -- multiple vulnerabilities

Gentoo reports:

quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution.

Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol.

Description: In Qdatastream protocol each object is prepended with 4 bytes for the object size, this can be used to trigger allocation errors.

quasselcore DDOS

Severity: low, only impacts unconfigured quasselcore instances.

Description: A login attempt causes a NULL pointer dereference when the database is not initialized.

Discovery 2018-04-24
Entry 2018-04-26
quassel

< 0.12.5

quassel-core

< 0.12.5

https://bugs.gentoo.org/653834
https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e
https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b