CVE-2018-1000178
Description
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.075
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| quassel security update(DSA-3063-1) quassel_0.12.4-2_amd64.deb | Linux |
| quassel security update(DSA-3258-1) quassel_0.12.4-2_i386.deb | Linux |
| quassel security update(DSA-3258-1) quassel_0.12.4-2_amd64.deb | Linux |
| quassel security update(DSA-4189-1) quassel_0.12.4-2_i386.deb | Linux |
| quassel security update(DSA-4189-1) quassel_0.12.4-2_amd64.deb | Linux |
| distributed IRC client - monolithic core+client (USN-4594-1) quassel_0.12.4-3ubuntu1.18.04.3_i386.deb | Linux |
| distributed IRC client - monolithic core+client (USN-4594-1) quassel_0.12.4-3ubuntu1.18.04.3_amd64.deb | Linux |
| distributed IRC client - monolithic core+client (USN-4594-1) quassel-core_0.12.4-3ubuntu1.18.04.3_i386.deb | Linux |
| distributed IRC client - monolithic core+client (USN-4594-1) quassel-core_0.12.4-3ubuntu1.18.04.3_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234