FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
499f6b41-58db-4f98-b8e7-da8c18985eda	quassel -- multiple vulnerabilities Gentoo reports: quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution. Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol. Description: In Qdatastream protocol each object is prepended with 4 bytes for the object size, this can be used to trigger allocation errors. quasselcore DDOS Severity: low, only impacts unconfigured quasselcore instances. Description: A login attempt causes a NULL pointer dereference when the database is not initialized. Discovery 2018-04-24 Entry 2018-04-26 quassel < 0.12.5 quassel-core < 0.12.5 https://bugs.gentoo.org/653834 https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b
7d64d00c-43e3-11e6-ab34-002590263bf5	quassel -- remote denial of service Mitre reports: The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. Discovery 2016-04-24 Entry 2016-07-07 quassel < 0.12.4 CVE-2016-4414 http://quassel-irc.org/node/129 https://github.com/quassel/quassel/commit/e678873 http://www.openwall.com/lists/oss-security/2016/04/30/2 http://www.openwall.com/lists/oss-security/2016/04/30/4
9e7306b9-a5c3-11e5-b864-14dae9d210b8	quassel -- remote denial of service Pierre Schweitzer reports: Any client sending the command "/op *" in a query will cause the Quassel core to crash. Discovery 2015-11-22 Entry 2015-12-18 quassel < 0.12.2_1 http://www.openwall.com/lists/oss-security/2015/12/12/1 CVE-2015-8547

VuXML ID

Description

499f6b41-58db-4f98-b8e7-da8c18985eda

quassel -- multiple vulnerabilities

Gentoo reports:

quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution.

Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol.

Description: In Qdatastream protocol each object is prepended with 4 bytes for the object size, this can be used to trigger allocation errors.

quasselcore DDOS

Severity: low, only impacts unconfigured quasselcore instances.

Description: A login attempt causes a NULL pointer dereference when the database is not initialized.

Discovery 2018-04-24
Entry 2018-04-26
quassel

< 0.12.5

quassel-core

< 0.12.5

https://bugs.gentoo.org/653834
https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e
https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b

7d64d00c-43e3-11e6-ab34-002590263bf5

quassel -- remote denial of service

Mitre reports:

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

Discovery 2016-04-24
Entry 2016-07-07
quassel

< 0.12.4

CVE-2016-4414
http://quassel-irc.org/node/129
https://github.com/quassel/quassel/commit/e678873
http://www.openwall.com/lists/oss-security/2016/04/30/2
http://www.openwall.com/lists/oss-security/2016/04/30/4

9e7306b9-a5c3-11e5-b864-14dae9d210b8

quassel -- remote denial of service

Pierre Schweitzer reports:

Any client sending the command "/op *" in a query will cause the Quassel core to crash.

Discovery 2015-11-22
Entry 2015-12-18
quassel

< 0.12.2_1

http://www.openwall.com/lists/oss-security/2015/12/12/1
CVE-2015-8547