CVE-2011-3354

Priority
Medium
Description
The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before
0.7.3 allows remote attackers to cause a denial of service (crash) via a
crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the
wild in September 2011.
References
Bugs
Notes
jdstrand> remote DoS being actively exploited
jdstrand> CVE requested on oss-security
Assigned-to
jdstrand
Package
Upstream: released (0.7.3)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (0.6.1-0ubuntu1.2)
Ubuntu 11.04 (Natty Narwhal): released (0.7.2-0ubuntu2.2)
Ubuntu 11.10 (Oneiric Ocelot): not-affected (0.7.3-0ubuntu1)
Patches:
Patch: http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b

Updated: 2012-06-01 15:22:24 UTC (commit 5347)