CVE-2020-14148
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-14148
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14148.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-14148
- Related
- Published
- 2020-06-15T18:15:15Z
- Modified
- 2025-07-01T23:53:05.976628Z
- Downstream
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
- References
-
- https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html
- https://github.com/ngircd/ngircd/pull/275
- https://github.com/ngircd/ngircd/issues/274
- https://github.com/ngircd/ngircd/issues/277
- https://github.com/ngircd/ngircd/pull/276
- https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZRYFJIA6ZKOH7U4K5WH5OL7OKXE4N52/
- https://security.alpinelinux.org/vuln/CVE-2020-14148
- https://security-tracker.debian.org/tracker/CVE-2020-14148
Affected packages
Alpine:v3.10 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.11 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.12 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.13 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.14 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.15 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.16 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.17 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.18 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.19 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.20 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.21 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.22 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.9 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Debian:11 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:deb/debian/ngircd?arch=source
Debian:12 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:deb/debian/ngircd?arch=source
Debian:13 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:deb/debian/ngircd?arch=source
Git / github.com/ngircd/ngircd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ngircd/ngircd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
rel-0-0-1
rel-0-0-2
rel-0-1-0
rel-0-2-0
rel-0-2-1
rel-0-3-0
rel-0-5-0-pre1
rel-0-7-0-pre1
rel-13
rel-13-rc1
rel-14
rel-14-1
rel-14-rc1
rel-15
rel-15-rc1
rel-16
rel-16-rc1
rel-16-rc2
rel-17
rel-17-rc1
rel-17-rc2
rel-17-rc3
rel-18
rel-18-rc1
rel-18-rc2
rel-19
rel-19-rc1
rel-20
rel-20-rc1
rel-20-rc2
rel-21
rel-21-rc1
rel-21-rc2
rel-22
rel-22-rc1
rel-23
rel-23-rc1
rel-24
rel-24-rc1
rel-25
rel-25-rc1
rel-26-rc1
rel-17.*
rel-17.1
rel-19.*
rel-19.1
rel-19.2
rel-19.2-rc1
rel-20.*
rel-20.1
rel-22.*
rel-22.1