CVE-2020-13775 — NULL Pointer Dereference in ZNC

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 23.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ZNC Debian ZNC Fedoraproject Fedora

Timeline

PublishedJun 2

Latest updateMay 24

Description

ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/znc< znc 1.8.1-1 (bookworm)

▶Debianznc/znc< 1.8.1-1+3

▶NVDznc/znc1.8.0

Also affects: Fedora 31, 32

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-853m-wxj4-w3h5: ZNC 1↗2022-05-24

▶

OSV

CVE-2020-13775: ZNC 1↗2020-06-02

▶

📋Vendor Advisories

Debian

CVE-2020-13775: znc - ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application c...↗2020

▶