CVE-2014-8483 - Vulnerability Details - OpenCVE

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Opensuse	Opensuse
Quassel-irc	Quassel Irc

Configuration 1 [-]

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:quassel-irc:quassel_irc:0.10.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

No data.

References

Link	Providers
http://bugs.quassel-irc.org/issues/1314
http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://secunia.com/advisories/61932
http://secunia.com/advisories/62035
http://secunia.com/advisories/62261
http://www.debian.org/security/2014/dsa-3063
http://www.debian.org/security/2014/dsa-3068
http://www.ubuntu.com/usn/USN-2401-1
https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-06T15:00:00

Updated: 2024-08-06T13:18:48.337Z

Reserved: 2014-10-24T00:00:00

Link: CVE-2014-8483

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-06T15:55:09.523

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-8483

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-25T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "61932", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61932"}, {"name": "openSUSE-SU-2014:1406", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"}, {"name": "USN-2401-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2401-1"}, {"name": "62261", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62261"}, {"name": "DSA-3063", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3063"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.quassel-irc.org/issues/1314"}, {"name": "openSUSE-SU-2015:0573", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"name": "DSA-3068", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3068"}, {"name": "62035", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62035"}, {"name": "openSUSE-SU-2014:1382", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8483", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "61932", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61932"}, {"name": "openSUSE-SU-2014:1406", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"}, {"name": "USN-2401-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2401-1"}, {"name": "62261", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62261"}, {"name": "DSA-3063", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3063"}, {"name": "http://bugs.quassel-irc.org/issues/1314", "refsource": "CONFIRM", "url": "http://bugs.quassel-irc.org/issues/1314"}, {"name": "openSUSE-SU-2015:0573", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"name": "DSA-3068", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3068"}, {"name": "62035", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62035"}, {"name": "openSUSE-SU-2014:1382", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"}, {"name": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138", "refsource": "CONFIRM", "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:18:48.337Z"}, "title": "CVE Program Container", "references": [{"name": "61932", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61932"}, {"name": "openSUSE-SU-2014:1406", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"}, {"name": "USN-2401-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2401-1"}, {"name": "62261", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62261"}, {"name": "DSA-3063", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3063"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.quassel-irc.org/issues/1314"}, {"name": "openSUSE-SU-2015:0573", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"name": "DSA-3068", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3068"}, {"name": "62035", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62035"}, {"name": "openSUSE-SU-2014:1382", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8483", "datePublished": "2014-11-06T15:00:00", "dateReserved": "2014-10-24T00:00:00", "dateUpdated": "2024-08-06T13:18:48.337Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D62A66D6-7508-4333-A414-4102CBB072F8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."}, {"lang": "es", "value": "La funci\u00f3n blowfishECB en core/cipher.cpp en Quassel IRC 0.10.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de rango) a trav\u00e9s de una cadena malformada."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/125.html\">CWE-125: Out-of-bounds Read</a>", "id": "CVE-2014-8483", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-06T15:55:09.523", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.quassel-irc.org/issues/1314"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/61932"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/62035"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/62261"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3063"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3068"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2401-1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.quassel-irc.org/issues/1314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/61932"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/62035"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/62261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2401-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}