SUSE CVE-2018-1000178

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessageconst QByteArray &msg datastreampeer.cpp line 62 that allows an attacker to execute code remotely...

CVE-2018-1000179

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handleconst Login &msg coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service...

Debian DSA-4189-1 : quassel - security update

Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service. Note that you need to restart the 'quasselcore' service after upgrading the Quassel packages. C Tenable Network Security, Inc. The descriptive text and package...

quassel -- multiple vulnerabilities

Gentoo reports: quasselcore: corruption of heap metadata caused by qdatastream leading to preauth remote code execution. Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol. Description: In Qdatastream protocol each...