CVE-2020-14148
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-14148
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14148.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-14148
- Downstream
- Related
- Published
- 2020-06-15T18:15:15Z
- Modified
- 2025-10-21T05:34:48.313422Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
- References
-
- https://github.com/ngircd/ngircd/issues/274
- https://github.com/ngircd/ngircd/issues/277
- https://github.com/ngircd/ngircd/pull/275
- https://github.com/ngircd/ngircd/pull/276
- https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2
- https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZRYFJIA6ZKOH7U4K5WH5OL7OKXE4N52/
Affected packages
Git / github.com/ngircd/ngircd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ngircd/ngircd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
rel-0-0-1
rel-0-0-2
rel-0-1-0
rel-0-2-0
rel-0-2-1
rel-0-3-0
rel-0-5-0-pre1
rel-0-7-0-pre1
rel-13
rel-13-rc1
rel-14
rel-14-1
rel-14-rc1
rel-15
rel-15-rc1
rel-16
rel-16-rc1
rel-16-rc2
rel-17
rel-17-rc1
rel-17-rc2
rel-17-rc3
rel-18
rel-18-rc1
rel-18-rc2
rel-19
rel-19-rc1
rel-20
rel-20-rc1
rel-20-rc2
rel-21
rel-21-rc1
rel-21-rc2
rel-22
rel-22-rc1
rel-23
rel-23-rc1
rel-24
rel-24-rc1
rel-25
rel-25-rc1
rel-26-rc1
rel-17.*
rel-17.1
rel-19.*
rel-19.1
rel-19.2
rel-19.2-rc1
rel-20.*
rel-20.1
rel-22.*
rel-22.1