CVE-2020-14148
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-14148
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14148.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-14148
- Related
- Published
- 2020-06-15T18:15:15Z
- Modified
- 2024-12-05T15:25:57.681503Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
- References
-
- https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html
- https://github.com/ngircd/ngircd/pull/275
- https://github.com/ngircd/ngircd/issues/274
- https://github.com/ngircd/ngircd/issues/277
- https://github.com/ngircd/ngircd/pull/276
- https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZRYFJIA6ZKOH7U4K5WH5OL7OKXE4N52/
- https://security.alpinelinux.org/vuln/CVE-2020-14148
- https://security-tracker.debian.org/tracker/CVE-2020-14148
Affected packages
Alpine:v3.10 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.11 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.12 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.13 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.14 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.15 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.16 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.17 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.18 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.19 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.20 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.21 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25-r1
Affected versions
14.*
14.1-r0
14.1-r1
Other
15-r0
15-r1
15-r2
16-r0
17-r0
18-r0
18-r1
18-r2
18-r3
20-r0
20-r1
21-r0
22-r0
22-r1
23-r0
23-r1
23-r2
23-r3
24-r0
24-r1
24-r2
24-r3
24-r4
25-r0
17.*
17.1-r0
19.*
19.1-r0
19.2-r0
20.*
20.2-r1
20.2-r2
20.3-r0
21.*
21.1-r0
21.1-r1
21.1-r2
22.*
22.1-r0
22.1-r1
Alpine:v3.9 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:apk/alpine/ngircd?arch=source
Debian:11 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:deb/debian/ngircd?arch=source
Debian:12 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:deb/debian/ngircd?arch=source
Debian:13 / ngircd
Package
- Name
- ngircd
- Purl
- pkg:deb/debian/ngircd?arch=source