UBUNTU-CVE-2018-1000178

Source
https://ubuntu.com/security/CVE-2018-1000178
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000178.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-1000178
Related
Published
2018-05-08T15:29:00Z
Modified
2025-01-13T10:21:51Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

References

Affected packages

Ubuntu:14.04:LTS / quassel

Package

Name
quassel
Purl
pkg:deb/ubuntu/quassel@0.10.0-0ubuntu2.3?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.0-0ubuntu2.3

Affected versions

0.*

0.9.1-0ubuntu1
0.9.2-0ubuntu1
0.9.2-0ubuntu2
0.9.2-0ubuntu3
0.9.2-0ubuntu4
0.10~beta1-0ubuntu1
0.10~rc1-0ubuntu1
0.10.0-0ubuntu1
0.10.0-0ubuntu2
0.10.0-0ubuntu2.1
0.10.0-0ubuntu2.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-client"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-client-dbgsym"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-client-qt4"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-client-qt4-dbgsym"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-core"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-core-dbgsym"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-data"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-dbg"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-dbgsym"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-qt4"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-qt4-data"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.3",
            "binary_name": "quassel-qt4-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / quassel

Package

Name
quassel
Purl
pkg:deb/ubuntu/quassel@0.12.2-0ubuntu1.16.04.2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.2-0ubuntu1
0.12.2-0ubuntu1.16.04.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / quassel

Package

Name
quassel
Purl
pkg:deb/ubuntu/quassel@1:0.12.4-3ubuntu1.18.04.3?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.12.4-3ubuntu1.18.04.3

Affected versions

1:0.*

1:0.12.4-2ubuntu2
1:0.12.4-2ubuntu3
1:0.12.4-3ubuntu1
1:0.12.4-3ubuntu1.18.04.1
1:0.12.4-3ubuntu1.18.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:0.12.4-3ubuntu1.18.04.3",
            "binary_name": "quassel"
        },
        {
            "binary_version": "1:0.12.4-3ubuntu1.18.04.3",
            "binary_name": "quassel-client"
        },
        {
            "binary_version": "1:0.12.4-3ubuntu1.18.04.3",
            "binary_name": "quassel-client-dbgsym"
        },
        {
            "binary_version": "1:0.12.4-3ubuntu1.18.04.3",
            "binary_name": "quassel-core"
        },
        {
            "binary_version": "1:0.12.4-3ubuntu1.18.04.3",
            "binary_name": "quassel-core-dbgsym"
        },
        {
            "binary_version": "1:0.12.4-3ubuntu1.18.04.3",
            "binary_name": "quassel-data"
        },
        {
            "binary_version": "1:0.12.4-3ubuntu1.18.04.3",
            "binary_name": "quassel-dbgsym"
        }
    ]
}