CVE-2014-8483

Publication date 29 October 2014

Last updated 24 July 2024

Description

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
konversation	14.10 utopic	Fixed 1.5-1ubuntu1.14.10.1
	14.04 LTS trusty	Fixed 1.5-1ubuntu1.14.04.1
	12.04 LTS precise	Fixed 1.4-1ubuntu2.1
	10.04 LTS lucid	Fixed 1.2.3-1ubuntu2.1
quassel	14.10 utopic	Fixed 0.10.1-0ubuntu1.1
	14.04 LTS trusty	Fixed 0.10.0-0ubuntu2.1
	12.04 LTS precise	Fixed 0.8.0-0ubuntu1.2
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
quassel	Upstream: 8b5ecd2

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2401-1
Konversation vulnerability
10 November 2014

Other references

https://www.kde.org/info/security/advisory-20141104-1.txt
https://www.cve.org/CVERecord?id=CVE-2014-8483