CVE-2011-3354

Publication date 9 September 2011

Last updated 24 July 2024


Ubuntu priority

The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.

Read the notes from the security team

Status

Package Ubuntu Release Status
quassel 11.04 natty
Fixed 0.7.2-0ubuntu2.2
10.10 maverick
Fixed 0.7.1-0ubuntu1.1
10.04 LTS lucid
Fixed 0.6.1-0ubuntu1.2
8.04 LTS hardy Not in release

Notes


jdstrand

remote DoS being actively exploited CVE requested on oss-security

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
quassel