Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201605-5 ======================================== Severity: Medium Date : 2016-05-05 CVE-ID : CVE-2016-4414 Package : quassel-core Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package quassel-core before version 0.12.4-1 is vulnerable to denial of service attack by unauthenticated clients. Resolution ========= Upgrade to 0.12.4-1. # pacman -Syu "quassel-core>=0.12.4-1" The problem has been fixed upstream in version 0.12.4. Workaround ========= None. Description ========== - CVE-2016-4414 (denial of service) It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match, in which case PeerFactory::createPeer returns a nullptr, which is immediately dereferenced. Impact ===== A remote attacker is able to crash the quassel-core with an unauthenticated client. References ========= https://www.cve.org/CVERecord?id=CVE-2016-4414 https://marc.info/?l=oss-security&m=146204310020229&w=2 https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746