Quassel-irc : Security Vulnerabilities, CVEs, CVSS score >= 6
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
Max CVSS
7.5
EPSS Score
0.21%
Published
2021-06-17
Updated
2022-07-12
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
Max CVSS
7.5
EPSS Score
0.44%
Published
2018-05-08
Updated
2020-10-26
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
Max CVSS
9.8
EPSS Score
1.60%
Published
2018-05-08
Updated
2020-10-26
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
Max CVSS
7.5
EPSS Score
2.65%
Published
2016-06-13
Updated
2018-10-30
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
Max CVSS
7.5
EPSS Score
2.83%
Published
2016-01-08
Updated
2018-10-30
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
Max CVSS
7.5
EPSS Score
0.11%
Published
2015-05-14
Updated
2016-12-06
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
Max CVSS
6.8
EPSS Score
0.35%
Published
2013-10-23
Updated
2021-06-16
7 vulnerabilities found