Pierre Schweitzer

**Name of the Vulnerable Software and Affected Versions** Quassel versions prior to 0.12.2 **Description** The issue arises when the PostgreSQL database is restarted, and Quassel does not properly re-initialize the database session. This allows remote attackers to conduct SQL injection attacks via a backslash (``) in a message. **Recommendations** For Quassel versions prior to 0.12.2, update to version 0.12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the database or limiting the use of backslashes in messages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Quassel versions prior to 0.12-rc1 **Description** The issue allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. This occurs because Quassel uses an incorrect data-type size when splitting a message. **Recommendations** For Quassel versions prior to 0.12-rc1, update to version 0.12-rc1 or later to resolve the issue. As a temporary workaround, consider restricting the length of CTCP queries to prevent the denial of service.

**Name of the Vulnerable Software and Affected Versions** Quassel versions prior to 0.12-rc1 **Description** The issue is related to a stack consumption problem in the message splitting functionality, allowing remote attackers to cause a denial of service through uncontrolled recursion by sending a crafted message. **Recommendations** For versions prior to 0.12-rc1, update to version 0.12-rc1 or later to resolve the issue.