Vulnerabilities > CVE-2015-8547 - Code vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

quassel-irc

opensuse

CWE-17

nessus

NVD

Published: 2016-01-08

Updated: 2018-10-30

Summary

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

Vulnerable Configurations

Part	Description	Count
Application	Quassel-Irc Quassel IRC Quassel 0.1.0 Quassel IRC Quassel 0.2.0 Quassel IRC Quassel 0.3.0 Quassel IRC Quassel 0.3.0.1 Quassel IRC Quassel 0.3.0.2 Quassel IRC Quassel 0.3.0.3 Quassel IRC Quassel 0.3.1 Quassel IRC Quassel 0.4.0 Quassel IRC Quassel 0.4.1 Quassel IRC Quassel 0.4.2 Quassel IRC Quassel 0.4.3 Quassel IRC Quassel 0.5 Quassel IRC Quassel 0.5.0 Quassel IRC Quassel 0.5.1 Quassel IRC Quassel 0.5.2 Quassel IRC Quassel 0.6 Quassel IRC Quassel 0.6.0 Quassel IRC Quassel 0.6.1 Quassel IRC Quassel 0.6.2 Quassel IRC Quassel 0.6.3 Quassel IRC Quassel 0.7 Quassel IRC Quassel 0.7.0 Quassel IRC Quassel 0.7.1 Quassel IRC Quassel 0.7.2 Quassel IRC Quassel 0.7.3 Quassel IRC Quassel 0.7.4 Quassel IRC Quassel 0.8 Quassel IRC Quassel 0.8.0 Quassel IRC Quassel 0.9 Quassel IRC Quassel 0.9.0 Quassel IRC Quassel 0.9.1 Quassel IRC Quassel 0.9.2 Quassel IRC Quassel 0.9.3 Quassel IRC Quassel 0.10 Quassel IRC Quassel 0.10.0	53
OS	Opensuse Opensuse Leap 42.1 Opensuse Opensuse 13.1 Opensuse Opensuse 13.2	3

Common Weakness Enumeration (CWE)

CWE-17 - Code

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-3BC3D7F66E.NASL
description	Added security fix for CVE-2015-8547 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-03-04
plugin id	89517
published	2016-03-04
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89517
title	Fedora 22 : quassel-0.12.2-6.fc22 (2016-3bc3d7f66e)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-7F0B1E47AC.NASL
description	Added security fix for CVE-2015-8547 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-03-04
plugin id	89571
published	2016-03-04
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89571
title	Fedora 23 : quassel-0.12.2-6.fc23 (2016-7f0b1e47ac)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-938.NASL
description	Quassel was updated to fix a remote DoS security issue. The following vulnerability was fixed : - CVE-2015-8547: Remote DoS in Quassel core
last seen	2020-06-05
modified	2015-12-29
plugin id	87617
published	2015-12-29
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87617
title	openSUSE Security Update : quassel (openSUSE-2015-938)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_9E7306B9A5C311E5B86414DAE9D210B8.NASL
description	Pierre Schweitzer reports : Any client sending the command
last seen	2020-06-01
modified	2020-06-02
plugin id	87542
published	2015-12-22
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87542
title	FreeBSD : quassel -- remote denial of service (9e7306b9-a5c3-11e5-b864-14dae9d210b8)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References