CVE-2018-14055Improper Input Validation in ZNC

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 40.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ZNCDebian ZNCDebian Linux
Timeline
PublishedJul 15
Latest updateMay 13

Description

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/znc< znc 1.7.1-1 (bookworm)
Debianznc/znc< 1.7.1-1+3
NVDznc/znc1.7.0

Also affects: Debian Linux 9.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-jwph-8hwh-5w78: ZNC before 12022-05-13
OSV
CVE-2018-14055: ZNC before 12018-07-15

📋Vendor Advisories

1
Debian
CVE-2018-14055: znc - ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the ...2018
CVE-2018-14055 — Improper Input Validation in ZNC | cvebase