CVE-2018-1000178

Name of the Vulnerable Software and Affected Versions quassel version 0.12.4

Description A heap corruption issue exists in the quasselcore component of quassel, specifically in the void DataStreamPeer::processMessage(const QByteArray &msg) function located in datastreampeer.cpp at line 62. This issue allows an attacker to execute code remotely.

Recommendations For quassel version 0.12.4, consider restricting access to the processMessage function in DataStreamPeer until a patch is available. As a temporary workaround, avoid using the quasselcore component if possible, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.