FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Konversation -- out-of-bounds read on a heap-allocated array

Affected packages
konversation < 1.5.1

Details

VuXML ID: 0167f5ad-64ea-11e4-98c1-00269ee29e57
Discovery: 2014-11-04
Entry: 2014-11-05

Konversation developers report:

Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user.

References

CVE Name: CVE-2014-8483
URL: https://www.kde.org/info/security/advisory-20141104-1.txt