CVE-2016-4414 | Vulnerability Database | Aqua Security

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

Affected Software

Name	Vendor	Start Version	End Version
Leap	Opensuse	42.1 (including)	42.1 (including)
Opensuse	Opensuse	13.2 (including)	13.2 (including)
Quassel	Ubuntu	esm-apps/xenial	*
Quassel	Ubuntu	trusty	*
Quassel	Ubuntu	upstream	*
Quassel	Ubuntu	wily	*
Quassel	Ubuntu	xenial	*
Quassel	Ubuntu	yakkety	*
Quassel	Ubuntu	zesty	*

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html
http://quassel-irc.org/node/129
http://www.openwall.com/lists/oss-security/2016/04/30/2
http://www.openwall.com/lists/oss-security/2016/04/30/4
https://github.com/quassel/quassel/commit/e678873

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4414
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html