CVE-2015-8547

moderate-risk
Published 2016-01-08

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

Do I need to act?

~
2.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (4)

Quassel

Affected Vendors

Quassel-Irc Opensuse

References (14)

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.ht...
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.ht...
http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html
http://www.openwall.com/lists/oss-security/2015/12/12/1
http://www.openwall.com/lists/oss-security/2015/12/13/1
Vendor Advisory https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265d...
https://github.com/quassel/quassel/pull/153
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.ht...
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.ht...
http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html
http://www.openwall.com/lists/oss-security/2015/12/12/1
http://www.openwall.com/lists/oss-security/2015/12/13/1
Vendor Advisory https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265d...
https://github.com/quassel/quassel/pull/153
41
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 5/34 · Minimal
Exposure 10/34 · Low