Описание
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| quassel | fixed | 1:0.12.4-2 | package | |
| quassel | fixed | 1:0.10.0-2.3+deb8u3 | jessie | package |
| quassel | not-affected | wheezy | package |
Примечания
https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0)
Fixed by: https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746 (0.12.4)
https://www.openwall.com/lists/oss-security/2016/04/30/2
Связанные уязвимости
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.