Vulnerabilities > CVE-2014-8483 - Out-Of-Bounds Read vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. <a href="http://cwe.mitre.org/data/definitions/125.html">CWE-125: Out-of-bounds Read</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| OS | 1 | |
| OS | 3 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3068.NASL description It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption. last seen 2020-03-17 modified 2014-11-10 plugin id 79064 published 2014-11-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79064 title Debian DSA-3068-1 : konversation - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-168.NASL description It was discovered that Konversation, an IRC client for KDE, could by crashed when receiving malformed messages using FiSH encryption. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82152 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82152 title Debian DLA-168-1 : konversation security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-251.NASL description KDE and QT were updated to fix security issues and bugs. The following vulerabilities were fixed : - CVE-2014-0190: Malformed GIF files could have crashed QT based applications - CVE-2015-0295: Malformed BMP files could have crashed QT based applications - CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes - CVE-2014-8483: A missing size check in the Blowfish ECB could have lead to a crash of Konversation or 11 byte information leak - CVE-2014-3494: The KMail POP3 kioslave accepted invalid certifiates and allowed a man-in-the-middle (MITM) attack Additionally, Konversation was updated to 1.5.1 to fix bugs. last seen 2020-06-05 modified 2015-03-24 plugin id 82014 published 2015-03-24 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82014 title openSUSE Security Update : kdebase4-runtime / kdelibs4 / konversation / etc (openSUSE-2015-251) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-638.NASL description quassel was updated to fix an out-of-bound read (CVE-2014-8483). last seen 2020-06-05 modified 2014-11-11 plugin id 79104 published 2014-11-11 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79104 title openSUSE Security Update : quassel (openSUSE-SU-2014:1382-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3063.NASL description An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crash to component causing a denial of services or disclosure of information from process memory. last seen 2020-03-17 modified 2014-11-04 plugin id 78834 published 2014-11-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78834 title Debian DSA-3063-1 : quassel - security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2401-1.NASL description Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79121 published 2014-11-11 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79121 title Ubuntu 12.04 LTS : konversation vulnerability (USN-2401-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-13791.NASL description Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-11-17 plugin id 79257 published 2014-11-17 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79257 title Fedora 20 : konversation-1.5.1-1.fc20 (2014-13791) NASL family Fedora Local Security Checks NASL id FEDORA_2014-13702.NASL description Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-11-17 plugin id 79256 published 2014-11-17 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79256 title Fedora 19 : konversation-1.5.1-1.fc19 (2014-13702) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-659.NASL description konversation was updated to version 1.5.1, fixing bugs and one security issue. Changes : - Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. The KDE Platform version dependency has increased to v4.9.0 to gain access to newer Qt socket transport security flags. - Fixed a bug causing wildcards in command alias replacement patterns not to be expanded. - Fixed a bug causing auto-joining of channels not starting in # or & to sometimes fail because the auto-join command was generated before we got the CHANTYPES pronouncement by the server. - Added a size sanity check for incoming Blowfish ECB blocks. The blind assumption of incoming blocks being the expected 12 bytes could lead to a crash or up to 11 byte information leak due to an out-of-bounds read. CVE-2014-8483. - Enabling SSL/TLS support for connections will now advertise the protocols Qt considers secure by default, instead of being hardcoded to TLSv1. - Fixed the bundled last seen 2020-06-05 modified 2014-11-13 plugin id 79226 published 2014-11-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79226 title openSUSE Security Update : konversation (openSUSE-SU-2014:1406-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-13837.NASL description Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-11-12 plugin id 79193 published 2014-11-12 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79193 title Fedora 21 : konversation-1.5.1-1.fc21 (2014-13837) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0167F5AD64EA11E498C100269EE29E57.NASL description Konversation developers report : Konversation last seen 2020-06-01 modified 2020-06-02 plugin id 78878 published 2014-11-06 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78878 title FreeBSD : Konversation -- out-of-bounds read on a heap-allocated array (0167f5ad-64ea-11e4-98c1-00269ee29e57)
References
- http://bugs.quassel-irc.org/issues/1314
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
- http://secunia.com/advisories/61932
- http://secunia.com/advisories/62035
- http://secunia.com/advisories/62261
- http://www.debian.org/security/2014/dsa-3063
- http://www.debian.org/security/2014/dsa-3068
- http://www.ubuntu.com/usn/USN-2401-1
- https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138