CVE-2018-1000178

CRITICAL9.8EPSS 1.1%

quassel - security update

發布日:2018/5/8修改日:2026/4/28

描述

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

受影響套件(3)

Debian/quasselfrom 0, < 1:0.12.5-1
Debian/quasselfrom 0, < 0.8.0-1+deb7u4
Debian/quasselfrom 0, < 1:0.10.0-2.3+deb8u4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-1000178