Quassel IRC client command injection

2008-10-30T00:00:00
ID SECURITYVULNS:VULN:9395
Type securityvulns
Reporter BUGTRAQ
Modified 2008-10-30T00:00:00

Description

A CTCP ping where the value contains a CTCP quoted newline ('\020' + 'n') will let the Quassel core reply with a message containing an unquoted newline ('\n'). The IRC server interprets this as a command separator.