ID CVE-2015-2778Type cveReporter NVDModified 2016-12-02T22:06:15
Description
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.
{"title": "CVE-2015-2778", "reporter": "NVD", "enchantments": {"vulnersScore": 5.0}, "published": "2015-04-10T11:00:04", "cvelist": ["CVE-2015-2778"], "viewCount": 2, "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2778", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2977fc8009d576b90d52c94e2b664f4f", "key": "cpe"}, {"hash": "f0f4674146673314c4c81d2ecd4ade29", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "4b6d785c2c82176d64545995aa9f48cc", "key": "description"}, {"hash": "61799e6c0fe38009d8a7415ff0dd8dc4", "key": "href"}, {"hash": "6dfbc0edf87dea1ecb337548e77c8d9a", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "381068a5f59c067b4bfcee7dd9b32403", "key": "published"}, {"hash": "ff3ee8f223bc141fded970faa1bd7d47", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "519ab847ce20e8111c22055415ce89e8", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2015-04-10T11:00:04", "cvelist": ["CVE-2015-2778"], "title": "CVE-2015-2778", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2778", "bulletinFamily": "NVD", "id": "CVE-2015-2778", "history": [], "scanner": [], "cpe": ["cpe:/a:quassel-irc:quassel:0.11.0"], "modified": "2015-04-10T17:01:57", "hash": "16f402c3e82173295b5da8f66ae884bfd5600eab3d63a88beb9ac62ecb0c2866", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8", "http://www.openwall.com/lists/oss-security/2015/03/20/12", "http://www.openwall.com/lists/oss-security/2015/03/28/3", "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html", "http://www.openwall.com/lists/oss-security/2015/03/27/11"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "519ab847ce20e8111c22055415ce89e8", "key": "title"}, {"hash": "4b6d785c2c82176d64545995aa9f48cc", "key": "description"}, {"hash": "2977fc8009d576b90d52c94e2b664f4f", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "f0f4674146673314c4c81d2ecd4ade29", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "e406f459167740d2de74a26643bc2ee1", "key": "modified"}, {"hash": "61799e6c0fe38009d8a7415ff0dd8dc4", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "381068a5f59c067b4bfcee7dd9b32403", "key": "published"}, {"hash": "92625b28d44af10a08571c1b90200851", "key": "references"}], "lastseen": "2016-09-03T22:24:17", "description": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T22:24:17"}], "scanner": [], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "modified": "2016-12-02T22:06:15", "hash": "0c91bbf1f2b33871d22bcf18eb9e48602107681d89e3a3651d3fefa68dda6b37", "cpe": ["cpe:/a:quassel-irc:quassel:0.11.0"], "edition": 2, "description": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.", "references": ["https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8", "http://www.openwall.com/lists/oss-security/2015/03/20/12", "http://www.openwall.com/lists/oss-security/2015/03/28/3", "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html", "http://www.openwall.com/lists/oss-security/2015/03/27/11", "http://www.securityfocus.com/bid/73305"], "id": "CVE-2015-2778", "lastseen": "2017-04-18T15:56:34", "assessment": {"name": "", "href": "", "system": ""}}
{"result": {"nessus": [{"id": "OPENSUSE-2015-294.NASL", "type": "nessus", "title": "openSUSE Security Update : quassel (openSUSE-2015-294)", "description": "The IRC client quassel was updated to fix two security issues.\n\nThe following vulnerabilities were fixed :\n\n - quassel could crash when receiving an overlength CTCP query containing only multibyte characters (bnc#924930 CVE-2015-2778)\n\n - quassel could incorrectly split a message in the middle of a multibyte character, leading to DoS (bnc#924933 CVE-2015-2779)", "published": "2015-04-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82652", "cvelist": ["CVE-2015-2779", "CVE-2015-2778"], "lastseen": "2017-10-29T13:45:27"}]}}
