CVE-2011-3354

Priority
Medium
Description
The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before
0.7.3 allows remote attackers to cause a denial of service (crash) via a
crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the
wild in September 2011.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3354
http://www.openwall.com/lists/oss-security/2011/09/08/7
http://www.ubuntu.com/usn/usn-1200-1
Bugs
https://bugs.launchpad.net/ubuntu/oneiric/+source/quassel/+bug/845707
Notes
jdstrand> remote DoS being actively exploited
jdstrand> CVE requested on oss-security
Assigned-to
jdstrand
Package
Source: quassel (LP Ubuntu Debian)
Upstream:released (0.7.3)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (0.6.1-0ubuntu1.2)
Ubuntu 11.04 (Natty Narwhal):released (0.7.2-0ubuntu2.2)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (0.7.3-0ubuntu1)
Patches:
Patch:http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:22:24 UTC (commit 5347)