CVE-2015-3427

EPSS 0.44%

quassel - security update

Published: 5/14/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3427

Description

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

Affected packages (2)

Debian/quasselfrom 0, < 1:0.10.0-2.4
Debian/quasselfrom 0, < 1:0.10.0-2.3+deb8u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3427