Bug #1023

Possible DoS attack vulnerability for multiple CTCP requests

Added by johu almost 4 years ago. Updated almost 4 years ago.

Status:ResolvedStart date:09/21/2010
Priority:HighDue date:09/21/2010
Assignee:EgS% Done:

100%

Category:Quassel Core
Target version:0.6.3
Version:0.6.2 OS:Any

Description

Thanks to Jima for reporting and supporting.

History

#1 Updated by johu almost 4 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

If we receive multiple CTCP requests in one PRIVMSG we now answer with one packed NOTICE containing all CTCP replies. This fixes a possible DoS Attack rendering Quassels IRC connection useless. Upgrading is strongly recommended. Thanks to Jima for reporting and supporting.

fixed with a4ca568c

Also available in: Atom PDF