[Bug 1388333] [NEW] CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption
Felix Geyer
debfx-pkg at fobos.de
Sat Nov 1 09:04:23 UTC 2014
*** This bug is a security vulnerability ***
Public security bug reported:
https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
> Check for invalid input in encrypted buffers
>
> The ECB Blowfish decryption function assumed that encrypted input would
> always come in blocks of 12 characters, as specified. However, buggy
> clients or annoying people may not adhere to that assumption, causing
> the core to crash while trying to process the invalid base64 input.
** Affects: quassel (Ubuntu)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8483
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to quassel in Ubuntu.
https://bugs.launchpad.net/bugs/1388333
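The input check described in the quoted commit message, as an added example (not the Quassel patch or code from this report): encoded text is accepted only when it is a whole number of 12-character blocks made of valid characters. The alphabet, the bit layout and the names `decodeWord` and `decodeCipherText` are assumptions for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Assumed 64-character alphabet (illustrative, not taken from the page).
static const std::string kAlphabet =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

// Decode six characters into one 32-bit word, 6 bits per character, lowest
// group first (assumed layout). Fails on any character outside the alphabet
// rather than using a "not found" position as an index.
static bool decodeWord(const std::string &in, std::size_t pos, uint32_t &word) {
    word = 0;
    for (int i = 0; i < 6; ++i) {
        std::size_t idx = kAlphabet.find(in[pos + i]);
        if (idx == std::string::npos) return false;
        word |= static_cast<uint32_t>(idx) << (i * 6);  // bits above 31 drop
    }
    return true;
}

// Convert encoded text into 8-byte cipher blocks for ECB decryption.
// Input that is empty or not a whole number of 12-character blocks is
// rejected up front, so the loop below never reads past the buffer.
bool decodeCipherText(const std::string &text, std::vector<uint8_t> &out) {
    if (text.empty() || text.size() % 12 != 0) return false;
    std::vector<uint8_t> bytes;
    bytes.reserve(text.size() / 12 * 8);
    for (std::size_t pos = 0; pos < text.size(); pos += 12) {
        uint32_t right = 0, left = 0;
        if (!decodeWord(text, pos, right) || !decodeWord(text, pos + 6, left))
            return false;
        const uint32_t words[2] = {left, right};
        for (uint32_t w : words)
            for (int shift = 24; shift >= 0; shift -= 8)
                bytes.push_back(static_cast<uint8_t>(w >> shift));
    }
    out.swap(bytes);  // only publish fully validated output
    return true;
}
```

A caller that gets `false` should treat the message as undecryptable and pass it through or drop it, never hand a partial block to the cipher.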