UBUNTU-CVE-2015-3427

Source
https://ubuntu.com/security/CVE-2015-3427
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3427.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-3427
Related
Published
2015-05-14T14:59:00Z
Modified
2025-01-13T10:21:09Z
Summary
[none]
Details

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

References

Affected packages

Ubuntu:14.04:LTS / quassel

Package

Name
quassel
Purl
pkg:deb/ubuntu/quassel@0.10.0-0ubuntu2.2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.0-0ubuntu2.2

Affected versions

0.*

0.9.1-0ubuntu1
0.9.2-0ubuntu1
0.9.2-0ubuntu2
0.9.2-0ubuntu3
0.9.2-0ubuntu4
0.10~beta1-0ubuntu1
0.10~rc1-0ubuntu1
0.10.0-0ubuntu1
0.10.0-0ubuntu2
0.10.0-0ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.10.0-0ubuntu2.2",
            "binary_name": "quassel"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.2",
            "binary_name": "quassel-client"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.2",
            "binary_name": "quassel-client-qt4"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.2",
            "binary_name": "quassel-core"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.2",
            "binary_name": "quassel-data"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.2",
            "binary_name": "quassel-dbg"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.2",
            "binary_name": "quassel-qt4"
        },
        {
            "binary_version": "0.10.0-0ubuntu2.2",
            "binary_name": "quassel-qt4-data"
        }
    ]
}