Unrated severityNVD Advisory· Published Dec 9, 2013· Updated Apr 29, 2026
CVE-2013-6404
CVE-2013-6404
Description
Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.
Affected products
2cpe:2.3:a:quassel-irc:quassel_irc:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:quassel-irc:quassel_irc:*:*:*:*:*:*:*:*range: <=0.9.1
- cpe:2.3:a:quassel-irc:quassel_irc:0.9.0:*:*:*:*:*:*:*
Patches
1a1a24dahttps://github.com/quassel/quasselvia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- quassel-irc.org/node/123nvdPatchVendor Advisory
- github.com/quassel/quassel/commit/a1a24danvdExploitPatch
- secunia.com/advisories/55640nvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2013-12/msg00092.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00078.htmlnvd
- osvdb.org/100432nvd
- www.openwall.com/lists/oss-security/2013/11/28/8nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/89377nvd
News mentions
0No linked articles in our index yet.