Vulnerability Details CVE-2014-8483
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bugs.quassel-irc.org/issues/1314
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
- http://secunia.com/advisories/61932
- http://secunia.com/advisories/62035
- http://secunia.com/advisories/62261
- http://www.debian.org/security/2014/dsa-3063
- http://www.debian.org/security/2014/dsa-3068
- http://www.ubuntu.com/usn/USN-2401-1
- https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
- http://bugs.quassel-irc.org/issues/1314
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
- http://secunia.com/advisories/61932
- http://secunia.com/advisories/62035
- http://secunia.com/advisories/62261
- http://www.debian.org/security/2014/dsa-3063
- http://www.debian.org/security/2014/dsa-3068
- http://www.ubuntu.com/usn/USN-2401-1
- https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
Products affected by CVE-2014-8483
-
cpe:2.3:a:quassel-irc:quassel_irc:0.10.0
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:opensuse:opensuse:12.3
-
cpe:2.3:o:opensuse:opensuse:13.1
-
cpe:2.3:o:opensuse:opensuse:13.2