CVE-2020-14148
First published: Mon Jun 15 2020(Updated: )
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ngircd | <=25.0 | |
| Ngircd | =26.0-rc1 | |
| Debian Linux | =8.0 | |
| Red Hat Fedora | =31 | |
| Red Hat Fedora | =32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/ngircd/ngircd/issues/274
- https://github.com/ngircd/ngircd/issues/277
- https://github.com/ngircd/ngircd/pull/275
- https://github.com/ngircd/ngircd/pull/276
- https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2
- https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZRYFJIA6ZKOH7U4K5WH5OL7OKXE4N52/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZRYFJIA6ZKOH7U4K5WH5OL7OKXE4N52/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER/
Frequently Asked Questions
What is the severity of CVE-2020-14148?
CVE-2020-14148 is classified as a medium severity vulnerability due to its potential for causing out-of-bounds access.
How do I fix CVE-2020-14148?
To fix CVE-2020-14148, update ngIRCd to version 26~rc2 or later.
What causes the vulnerability CVE-2020-14148?
CVE-2020-14148 is caused by an out-of-bounds access in the Server-Server protocol implementation of ngIRCd.
Which versions of ngIRCd are affected by CVE-2020-14148?
Versions of ngIRCd prior to 26~rc2, including all versions up to and including 25.0 and 26.0-rc1, are affected by CVE-2020-14148.
What is the impact of exploiting CVE-2020-14148?
Exploiting CVE-2020-14148 may lead to unpredictable behavior or service disruptions in affected systems.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/barton
- canonical/ngircd
- version/ngircd/25.0
- version/ngircd/26.0-rc1
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/31
- version/red hat fedora/32