CVE-2014-8483
konversation - security update
EPSS 2.3%
Description
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
How to fix CVE-2014-8483
To remediate CVE-2014-8483, upgrade the affected package to the fixed version listed for it below.
- Debian/konversation—upgrade to 1.5-2 or later
- Debian/konversation—upgrade to 1.3.1-2+deb6u1 or later
- Debian/konversation—upgrade to 1.4-1+deb7u1 or later
- Debian/quassel—upgrade to 0.10.0-2.1 or later
- —upgrade to 0.8.0-1+deb7u3 or later
Is CVE-2014-8483 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 1.5-2
- from 0, < 1.3.1-2+deb6u1
- from 0, < 1.4-1+deb7u1
- from 0, < 0.10.0-2.1
- from 0, < 0.8.0-1+deb7u3