CVE-2010-3443 - Resource Management Errors vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201311-03.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201311-03 (Quassel: Multiple Vulnerabilities). Two vulnerabilities have been found in Quassel: Quassel does not properly handle multiple CTCP requests (CVE-2010-3443). Quassel, when used with certain versions of Qt and PostgreSQL, does not sanitize user input (CVE-2013-4422). Impact: A remote attacker could send multiple CTCP requests in a single private message, possibly resulting in a Denial of Service condition. Furthermore, a remote attacker may be able to execute arbitrary SQL statements. Workaround: There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70778 |
published | 2013-11-07 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70778 |
title | GLSA-201311-03 : Quassel: Multiple Vulnerabilities |
References
- http://ubuntu.com/usn/usn-991-1
- http://security.gentoo.org/glsa/glsa-201311-03.xml
- http://bugs.quassel-irc.org/issues/1024
- http://quassel-irc.org/node/115
- http://bugs.quassel-irc.org/issues/1023
- http://secunia.com/advisories/55581
- http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d