'[oss-security] Re: CVE request: denial of service in Quassel'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request: denial of service in Quassel
From:       cve-assign () mitre ! org
Date:       2015-03-28 5:44:52
Message-ID: 20150328054452.571E472E218 () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> The second is
>> the core crash caused by sending an overlength CTCP query ("/me")
>> containing only multibyte characters. This bug was caused by the
>> old CTCP splitter using the byte index from lastParamOverrun() as
>> a character index for a QString.

> This seems to be, very roughly, an issue of incorrectly determining a
> data-structure length by using a wrong-sized data type for counting.
> It happens to be about multibyte characters but that's of secondary
> importance. This will almost certainly have a unique CVE ID ...

Use CVE-2015-2778.


>> Unlike what it replaces, the new splitting code is not recursive
>> and cannot cause stack overflows.

>>> But, be it a crash or a hang, it would cause a denial of
>>> service for any client connected to core.

Use CVE-2015-2779.


> The first is garbage characters caused
> by accidentally splitting the string in the middle of a multibyte
> character.

As suggested earlier, this has no CVE ID.


> if it is unable
> to split a string, it will give up gracefully and not crash the
> core or cause a thread to run away.

As suggested earlier, this has no CVE ID.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVFj9MAAoJEKllVAevmvmshfkH/0fpuId3QRMrFZW+S6Of4+Lc
jRGjVNJDUVnSkkIvAPFtSpRZv0Xwx/Tff255Nx4OByaNGpVv6ocrdggHKXhxQq4G
AMD2qNpBuIx7esTqTA40w6B70GPQOZF35+nOzNP0tsK7SFI+cPmyfDY/sB2JCzP2
fAmyCzX2JD1G9I7/5OyrhCYlV0RySzuMjdSC/LD0ikdEwkNP9V/IKm5HeufYvvyh
BAQKItg1kRsKIVFMajTU2oXEqrPVTXsj/dNI6u6fpwOwidxv5jdBw0ggWFeAyb5W
UYlRDPVBjMiMox5tLqC+2yC3vkykkBVlNgE1BBGQOmkBpgEQnzz8iQfJPSybw9w=
=czV4
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic