Quassel-irc : Security Vulnerabilities, CVEs, (Denial of service)
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
Max CVSS
7.5
EPSS Score
0.44%
Published
2018-05-08
Updated
2020-10-26
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
Max CVSS
7.5
EPSS Score
2.65%
Published
2016-06-13
Updated
2018-10-30
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
Max CVSS
7.5
EPSS Score
2.83%
Published
2016-01-08
Updated
2018-10-30
Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.
Max CVSS
5.0
EPSS Score
4.21%
Published
2015-04-10
Updated
2016-12-03
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.
Max CVSS
5.0
EPSS Score
2.35%
Published
2015-04-10
Updated
2016-12-03
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
Max CVSS
5.0
EPSS Score
3.31%
Published
2014-11-06
Updated
2018-10-30
The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.
Max CVSS
5.0
EPSS Score
3.76%
Published
2011-10-04
Updated
2017-08-29
ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.
Max CVSS
5.0
EPSS Score
3.16%
Published
2013-11-23
Updated
2023-02-13
8 vulnerabilities found