The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Quassel | Quassel-irc | * | 0.7.2 (including) |
| Quassel | Quassel-irc | 0.3.0 (including) | 0.3.0 (including) |
| Quassel | Quassel-irc | 0.3.1 (including) | 0.3.1 (including) |
| Quassel | Quassel-irc | 0.4.0 (including) | 0.4.0 (including) |
| Quassel | Quassel-irc | 0.4.1 (including) | 0.4.1 (including) |
| Quassel | Quassel-irc | 0.4.2 (including) | 0.4.2 (including) |
| Quassel | Quassel-irc | 0.4.3 (including) | 0.4.3 (including) |
| Quassel | Quassel-irc | 0.5.0 (including) | 0.5.0 (including) |
| Quassel | Quassel-irc | 0.5.1 (including) | 0.5.1 (including) |
| Quassel | Quassel-irc | 0.5.2 (including) | 0.5.2 (including) |
| Quassel | Quassel-irc | 0.6.0 (including) | 0.6.0 (including) |
| Quassel | Quassel-irc | 0.6.1 (including) | 0.6.1 (including) |
| Quassel | Quassel-irc | 0.7.0 (including) | 0.7.0 (including) |
| Quassel | Quassel-irc | 0.7.1 (including) | 0.7.1 (including) |