Your submission was sent successfully! Close

CVE-2015-2778

Published: 10 April 2015

Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.

Priority

Medium

Status

Package Release Status
quassel
Launchpad, Ubuntu, Debian
Upstream
Released (1:0.10.0-2.3)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.12.2-0ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.10.0-0ubuntu2.2])
Patches:
Upstream: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
Binaries built from this source package are in Universe and so are supported by the community.