Upstream information

CVE-2014-8483 at MITRE

Description

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

CVSS v2 Scores
  National Vulnerability Database SUSE
Base Score 5 1.2
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P AV:L/AC:H/Au:N/C:P/I:N/A:N
Access Vector Network Local
Access Complexity Low High
Authentication None None
Confidentiality Impact None Partial
Integrity Impact None None
Availability Impact Partial None
SUSE Bugzilla entry: 902670 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 15.0
  • konversation >= 1.7.4-lp150.2.1
  • konversation-lang >= 1.7.4-lp150.2.1
Patchnames:
openSUSE Leap 15.0 GA konversation-1.7.4-lp150.2.1
openSUSE Leap 15.2
  • konversation >= 1.7.5-lp152.3.4
  • konversation-lang >= 1.7.5-lp152.3.4
Patchnames:
openSUSE Leap 15.2 GA konversation-1.7.5-lp152.3.14
openSUSE Leap 15.3
  • konversation >= 1.7.5-bp153.1.25
  • konversation-lang >= 1.7.5-bp153.1.25
Patchnames:
openSUSE Leap 15.3 GA konversation-1.7.5-bp153.1.25
openSUSE Tumbleweed
  • konversation >= 1.6.2-1.3
  • konversation-lang >= 1.6.2-1.3
Patchnames:
openSUSE Tumbleweed GA konversation-1.6.2-1.3