Gentoo reports:
quasselcore: corruption of heap metadata caused by qdatastream
leading to preauth remote code execution.
- Severity: high, by default the server port is publicly open
and the address can be requested using the /WHOIS command of IRC
protocol.
- Description: In Qdatastream protocol each object is prepended
with 4 bytes for the object size, this can be used to trigger
allocation errors.
quasselcore DDOS
- Severity: low, only impacts unconfigured quasselcore
instances.
- Description: A login attempt causes a NULL pointer dereference
when the database is not initialized.