CVE-2020-13775 - ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL po

CVE-2020-13775

Summary

ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.

References

Vulnerable Configurations

cpe:2.3:a:znc:znc:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:znc:znc:1.8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

CVSS

Base:	3.5 (as of 27-01-2023 - 18:53)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:S/C:N/I:N/A:P

refmap via4

confirm	https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001
fedora	FEDORA-2020-0091083d6d FEDORA-2020-12237dbae2

Last major update

27-01-2023 - 18:53

Published

02-06-2020 - 23:15

Last modified

27-01-2023 - 18:53