CVE-2020-13775

Sažetak

ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.

Reference

https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8
https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HS3DWGXLVRROQQA57UIPMDM6XMVEMBRA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNVBE4T2DRJRQHFRMHYBTN4OSOL6DBHR/

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

07-11-2023 - 03:16

Objavljeno

02-06-2020 - 23:15