Re: CVE request: denial of service in Quassel

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > The second is
> > the core crash caused by sending an overlength CTCP query ("/me")
> > containing only multibyte characters. This bug was caused by the
> > old CTCP splitter using the byte index from lastParamOverrun() as
> > a character index for a QString.

> This seems to be, very roughly, an issue of incorrectly determining a
> data-structure length by using a wrong-sized data type for counting.
> It happens to be about multibyte characters but that's of secondary
> importance. This will almost certainly have a unique CVE ID ...

Use CVE-2015-2778.


> > Unlike what it replaces, the new splitting code is not recursive
> > and cannot cause stack overflows.

> > > But, be it a crash or a hang, it would cause a denial of
> > > service for any client connected to core.

Use CVE-2015-2779.


> The first is garbage characters caused
> by accidentally splitting the string in the middle of a multibyte
> character.

As suggested earlier, this has no CVE ID.


> if it is unable
> to split a string, it will give up gracefully and not crash the
> core or cause a thread to run away.

As suggested earlier, this has no CVE ID.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVFj9MAAoJEKllVAevmvmshfkH/0fpuId3QRMrFZW+S6Of4+Lc
jRGjVNJDUVnSkkIvAPFtSpRZv0Xwx/Tff255Nx4OByaNGpVv6ocrdggHKXhxQq4G
AMD2qNpBuIx7esTqTA40w6B70GPQOZF35+nOzNP0tsK7SFI+cPmyfDY/sB2JCzP2
fAmyCzX2JD1G9I7/5OyrhCYlV0RySzuMjdSC/LD0ikdEwkNP9V/IKm5HeufYvvyh
BAQKItg1kRsKIVFMajTU2oXEqrPVTXsj/dNI6u6fpwOwidxv5jdBw0ggWFeAyb5W
UYlRDPVBjMiMox5tLqC+2yC3vkykkBVlNgE1BBGQOmkBpgEQnzz8iQfJPSybw9w=
=czV4
-----END PGP SIGNATURE-----