Message-ID: <CAMoU6ub=LxvthwhbL-xW-GT5UWWqJC7nZgMV7JQznghnwqQpLQ@mail.gmail.com>
Date: Fri, 24 Oct 2014 12:39:10 +0200
From: Bas Pape <baspape@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Vulnerability fixed in Quassel?

Hi,

> It appears to me that this is a vulnerability in the Quassel-core
> which allows clients to remotely crash the core and thus cause a
> denial of service using ill-formed messages.
>
> Would it deserve a CVE and/or fixes in distributions which ship it?
> I'm not affiliated in any kind with that project, so I might not have
> enough information regarding this fix, nor legitimacy to request a
> CVE for this.

I think it does deserve a CVE, because it's an instance of CWE-125.
The problem is a max 11-byte out-of-bounds read on a heap-allocated
array. For debug builds this trips an assert in Qt (resulting in
denial of service), otherwise it's an information leak to the user of
Quassel (who may or may not be trusted).

Should a CVE be assigned, note that Quassel took the code (cipher.cpp)
from Konversation, and the same issue has been reported there [1].

-- 
Bas Pape (Tucos)
