CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption
Bug #1388333 reported by Felix Geyer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
quassel (Ubuntu) | Fix Released | Undecided | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Trusty | Fix Released | Undecided | Unassigned |
Utopic | Fix Released | Undecided | Unassigned |
Bug Description
https:/
> Check for invalid input in encrypted buffers
>
> The ECB Blowfish decryption function assumed that encrypted input would
> always come in blocks of 12 characters, as specified. However, buggy
> clients or annoying people may not adhere to that assumption, causing
> the core to crash while trying to process the invalid base64 input.
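An added example, not Quassel's code and not part of this report: a C decoder that enforces the 12-character block assumption described in the commit message before it reads any input. The alphabet, the bit layout and the names `decode_word`, `put_be32` and `ecb_b64_decode` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed 64-character alphabet (FiSH-style); it does not appear on this page. */
static const char B64[] =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

/* Decode six characters into one 32-bit word, 6 bits per character, low bits
 * first (assumed layout). Returns -1 on any character outside the alphabet. */
static int decode_word(const char *in, uint32_t *word)
{
    uint32_t v = 0;
    for (int i = 0; i < 6; i++) {
        /* strchr would also match the terminating NUL, so exclude it. */
        const char *p = in[i] ? strchr(B64, in[i]) : NULL;
        if (p == NULL)
            return -1;
        v |= (uint32_t)(p - B64) << (6 * i);
    }
    *word = v;
    return 0;
}

static void put_be32(uint8_t *out, uint32_t v)
{
    out[0] = (uint8_t)(v >> 24); out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);  out[3] = (uint8_t)v;
}

/* Hypothetical helper: decodes in[0..in_len) into out and returns the number
 * of bytes written, or -1 if the input is malformed or out is too small. */
long ecb_b64_decode(const char *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    /* Every 12 characters carry one 8-byte Blowfish block. Check the length
     * before the loop so no read ever runs past the end of the buffer. */
    if (in_len % 12 != 0 || out_cap < in_len / 12 * 8)
        return -1;
    for (size_t off = 0; off < in_len; off += 12, out += 8) {
        uint32_t left, right;
        if (decode_word(in + off, &right) || decode_word(in + off + 6, &left))
            return -1;
        put_be32(out, left);
        put_be32(out + 4, right);
    }
    return (long)(in_len / 12 * 8);
}
```

Rejecting the whole message on a bad length or character means a malformed buffer produces an error return instead of a partial decode.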
CVE References
This bug was fixed in the package quassel - 0.11.0-0ubuntu1
---------------
quassel (0.11.0-0ubuntu1) vivid; urgency=medium
* New upstream release.
* Fix CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption.
- Add debian/patches/CVE-2014-8483.patch
- LP: #1388333
* Simplify debian/rules a bit by using debhelper compat level 9.
* Add a systemd service file.
-- Felix Geyer <email address hidden> Sat, 01 Nov 2014 11:52:52 +0100