Quassel Security Vulnerabilities and Issues — Quassel CVE List

Lucene search

Quassel-ircQuassel

5 matches found

CVE•added 2018/05/08 3:29 p.m.•84 views

CVE-2018-1000179

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

7.5CVSS8AI score0.00564EPSS

CVE•added 2021/06/17 2:15 p.m.•71 views

CVE-2021-34825

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.

7.5CVSS7.2AI score0.00124EPSS

CVE•added 2015/05/14 2:59 p.m.•56 views

CVE-2015-3427

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

7.5CVSS7.4AI score0.00671EPSS

CVE•added 2016/06/13 7:59 p.m.•51 views

CVE-2016-4414

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

7.5CVSS7.1AI score0.02898EPSS

CVE•added 2016/01/08 7:59 p.m.•45 views

CVE-2015-8547

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

7.5CVSS7.2AI score0.02362EPSS