CVE-2018-1000178

CRITICAL9.8EPSS 1.1%

quassel - security update

Published: 5/8/2018Modified: 4/28/2026

Also known as:DEBIAN-CVE-2018-1000178

Description

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

Affected packages (3)

Debian/quasselfrom 0, < 1:0.12.5-1
Debian/quasselfrom 0, < 0.8.0-1+deb7u4
Debian/quasselfrom 0, < 1:0.10.0-2.3+deb8u4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-1000178