Vulnerabilities > CVE-2016-4414

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
opensuse
quassel-irc
fedoraproject
nessus
NVD
Published: 2016-06-13
Updated: 2018-10-30

Summary

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

Vulnerable Configurations

Part Description Count
OS
Opensuse
2
OS
Fedoraproject
3
Application
Quassel-Irc
63

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7D64D00C43E311E6AB34002590263BF5.NASL
    descriptionMitre reports : The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
    last seen2020-06-01
    modified2020-06-02
    plugin id91966
    published2016-07-07
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91966
    titleFreeBSD : quassel -- remote denial of service (7d64d00c-43e3-11e6-ab34-002590263bf5)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-0431ACAA78.NASL
    descriptionSecurity fix for CVE-2016-4414, Update to latest upstream quassel release, 0.12.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-05-09
    plugin id90946
    published2016-05-09
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90946
    titleFedora 22 : quassel-0.12.4-1.fc22 (2016-0431acaa78)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-42F30D76A0.NASL
    descriptionSecurity fix for CVE-2016-4414, Update to latest upstream quassel release, 0.12.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-05-09
    plugin id90953
    published2016-05-09
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90953
    titleFedora 23 : quassel-0.12.4-1.fc23 (2016-42f30d76a0)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-BF916BCC04.NASL
    descriptionSecurity fix for CVE-2016-4414, Update to latest upstream quassel release, 0.12.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-05-09
    plugin id90973
    published2016-05-09
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90973
    titleFedora 24 : quassel-0.12.4-1.fc24 (2016-bf916bcc04)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-589.NASL
    descriptionThis update for quassel fixes the following issues : - CVE-2016-4414: Denial of service vulnerability by unauthenticated clients (boo#978002)
    last seen2020-06-05
    modified2016-05-18
    plugin id91206
    published2016-05-18
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91206
    titleopenSUSE Security Update : quassel (openSUSE-2016-589)

References