Quassel-Irc: >> Quassel >> 0.11.0 Security Vulnerabilities
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-06-17
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
CVSS Score
7.5
EPSS Score
0.029
Published
2016-06-13
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
CVSS Score
7.5
EPSS Score
0.004
Published
2015-05-14
Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.
CVSS Score
5.0
EPSS Score
0.017
Published
2015-04-10
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.
CVSS Score
5.0
EPSS Score
0.016
Published
2015-04-10