Upstream information

CVE-2014-8483 at MITRE

Description

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

CVSS v2 Scores
  National Vulnerability Database SUSE
Base Score 5 1.2
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P AV:L/AC:H/Au:N/C:P/I:N/A:N
Access Vector Network Local
Access Complexity Low High
Authentication None None
Confidentiality Impact None Partial
Integrity Impact None None
Availability Impact Partial None
SUSE Bugzilla entry: 902670 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 15.0
  • konversation >= 1.7.4-lp150.2.1
  • konversation-lang >= 1.7.4-lp150.2.1
Patchnames:
openSUSE Leap 15.0 GA konversation-1.7.4-lp150.2.1
openSUSE Tumbleweed
  • konversation >= 1.6.2-1.3
  • konversation-lang >= 1.6.2-1.3
Patchnames:
openSUSE Tumbleweed GA konversation-1.6.2-1.3