Quassel

quassel

Vendor: Quassel Irc • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-34825 2Fedoraproject Quassel Irc 2Fedora Quassel Nov 21, 2024 Jun 17, 2021 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
CVE-2018-1000179 2Debian Quassel Irc 2Debian Linux Quassel Nov 21, 2024 May 8, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
CVE-2018-1000178 2Debian Quassel Irc 2Debian Linux Quassel Nov 21, 2024 May 8, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
CVE-2016-4414 3Fedoraproject OpensuseQuassel Irc 4Fedora LeapOpensuse+1 more May 6, 2026 Jun 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
CVE-2015-8547 2Opensuse Quassel Irc 3Leap OpensuseQuassel May 6, 2026 Jan 8, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
CVE-2015-3427 2Debian Quassel Irc 2Debian Linux Quassel May 6, 2026 May 14, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE...Show more Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.Show less
CVE-2015-2779 1Quassel Irc 1Quassel May 6, 2026 Apr 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.
CVE-2015-2778 1Quassel Irc 1Quassel May 6, 2026 Apr 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.
CVE-2011-3354 1Quassel Irc 1Quassel Apr 29, 2026 Oct 4, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in th...Show more The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.Show less