Vulnerability Name: | CVE-2011-3354 (CCN-69682) | ||||||||
Assigned: | 2011-09-08 | ||||||||
Published: | 2011-09-08 | ||||||||
Updated: | 2017-08-29 | ||||||||
Summary: | The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-399 | ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: CCN Type: Quassel IRC Bug #1095 Core crash CTCP Source: CONFIRM Type: Patch http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp Source: MITRE Type: CNA CVE-2011-3354 Source: CCN Type: Quassel GIT Repository Quassel Source: OSVDB Type: UNKNOWN 75351 Source: CCN Type: SA45870 Quassel IRC Core CTCP Processing Denial of Service Vulnerability Source: SECUNIA Type: Vendor Advisory 45970 Source: MLIST Type: UNKNOWN [oss-security] 20110908 CVE request: Quassel < 0.7.3 CTCP request core DoS Source: MLIST Type: UNKNOWN [oss-security] 20110909 Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Source: CCN Type: OSVDB ID: 75351 Quassel IRC src/core/ctcpparser.cpp CtcpParser::packedReply() Method CTCP Message Parsing Remote DoS Source: BID Type: UNKNOWN 49526 Source: CCN Type: BID-49526 Quassel Core CTCP Remote Denial of Service Vulnerability Source: UBUNTU Type: UNKNOWN USN-1200-1 Source: CONFIRM Type: UNKNOWN https://bugs.gentoo.org/show_bug.cgi?id=382313 Source: XF Type: UNKNOWN quasselirc-ctcp-dos(69682) Source: XF Type: UNKNOWN quasselirc-ctcp-dos(69682) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |