7.5
CVE-2008-5657
- EPSS 2.11%
- Veröffentlicht 17.12.2008 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:00:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Quassel ≫ Quassel Core Version <= 0.3.0.2
Quassel ≫ Quassel Core Version0.1.0
Quassel ≫ Quassel Core Version0.2.0 Updatealpha1
Quassel ≫ Quassel Core Version0.2.0 Updatealpha2
Quassel ≫ Quassel Core Version0.2.0 Updatealpha3
Quassel ≫ Quassel Core Version0.2.0 Updatealpha4
Quassel ≫ Quassel Core Version0.2.0 Updatealpha5
Quassel ≫ Quassel Core Version0.2.0 Updatebeta1
Quassel ≫ Quassel Core Version0.2.0 Updatepre
Quassel ≫ Quassel Core Version0.2.0 Updaterc1
Quassel ≫ Quassel Core Version0.3.0
Quassel ≫ Quassel Core Version0.3.0 Updatepre
Quassel ≫ Quassel Core Version0.3.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.11% | 0.794 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550
http://quassel-irc.org/node/89
http://secunia.com/advisories/32470
http://secunia.com/advisories/32692
http://wouter.coekaerts.be/site/security/quassel-ctcp
http://www.securityfocus.com/archive/1/497882/30/0/threaded
http://www.securityfocus.com/archive/1/497884
http://www.securityfocus.com/bid/31973
http://www.vupen.com/english/advisories/2008/3164
https://exchange.xforce.ibmcloud.com/vulnerabilities/46195
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00354.html