FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

9e7306b9-a5c3-11e5-b864-14dae9d210b8    quassel -- remote denial of service

Pierre Schweitzer reports:

Any client sending the command "/op *" in a query will cause the Quassel core to crash.


Discovery 2015-11-22
Entry 2015-12-18
quassel < 0.12.2_1

http://www.openwall.com/lists/oss-security/2015/12/12/1
CVE-2015-8547

7d64d00c-43e3-11e6-ab34-002590263bf5    quassel -- remote denial of service

Mitre reports:

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.


Discovery 2016-04-24
Entry 2016-07-07
quassel < 0.12.4

CVE-2016-4414
http://quassel-irc.org/node/129
https://github.com/quassel/quassel/commit/e678873
http://www.openwall.com/lists/oss-security/2016/04/30/2
http://www.openwall.com/lists/oss-security/2016/04/30/4

49d9c28c-fbad-11e4-b0fb-00269ee29e57    Quassel IRC -- SQL injection vulnerability

Quassel IRC developers report:

Restarting a PostgreSQL database while Quassel Core is running would not properly re-initialize the database session inside Quassel, bringing back an old security issue (CVE-2013-4422).


Discovery 2015-04-23
Entry 2015-05-16
quassel < 0.11.1

https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283
CVE-2015-3427

499f6b41-58db-4f98-b8e7-da8c18985eda    quassel -- multiple vulnerabilities

Gentoo reports:

quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution.

  • Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol.
  • Description: In Qdatastream protocol each object is prepended with 4 bytes for the object size, this can be used to trigger allocation errors.

quasselcore DDOS

  • Severity: low, only impacts unconfigured quasselcore instances.
  • Description: A login attempt causes a NULL pointer dereference when the database is not initialized.

Discovery 2018-04-24
Entry 2018-04-26
quassel < 0.12.5
quassel-core < 0.12.5

https://bugs.gentoo.org/653834
https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e
https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b

f969bad7-46fc-11e3-b6ee-00269ee29e57    Quassel IRC -- SQL injection vulnerability

Quassel IRC developers report:

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.


Discovery 2013-10-07
Entry 2013-11-06
quassel < 0.9.1

CVE-2013-4422