5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.023 Low
EPSS
Percentile
89.8%
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a
message, which allows remote attackers to cause a denial of service (crash)
via a long CTCP query containing only multibyte characters.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | quassel | < 0.10.0-0ubuntu2.2 | UNKNOWN |
ubuntu | 14.10 | noarch | quassel | < 0.10.1-0ubuntu1.2 | UNKNOWN |
ubuntu | 15.04 | noarch | quassel | < 0.12.2-0ubuntu0.1 | UNKNOWN |
ubuntu | 15.10 | noarch | quassel | < 0.12.2-0ubuntu0.1 | UNKNOWN |
ubuntu | 16.04 | noarch | quassel | < 0.12.2-0ubuntu0.1 | UNKNOWN |
ubuntu | 16.10 | noarch | quassel | < 0.12.2-0ubuntu0.1 | UNKNOWN |
ubuntu | 17.04 | noarch | quassel | < 0.12.2-0ubuntu0.1 | UNKNOWN |
lists.opensuse.org/opensuse-updates/2015-04/msg00018.html
www.openwall.com/lists/oss-security/2015/03/20/12
www.openwall.com/lists/oss-security/2015/03/27/11
www.openwall.com/lists/oss-security/2015/03/28/3
github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
launchpad.net/bugs/cve/CVE-2015-2778
nvd.nist.gov/vuln/detail/CVE-2015-2778
security-tracker.debian.org/tracker/CVE-2015-2778
www.cve.org/CVERecord?id=CVE-2015-2778