CVE-2020-14148
published 2020-06-15
CVE-2020-14148: The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
Priority P341 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.64% (83.7th percentile)
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barton | ngircd | <= 25.0 | — |
| barton | ngircd | — | — |
| debian | debian_linux | — | — |
| debian | ngircd | < ngircd 26-1 (bookworm) | ngircd 26-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| ngircd | ngircd | >= 0 < 26-1 | 26-1 |
| ngircd | ngircd | >= 0 < 26-1 | 26-1 |
| ngircd | ngircd | >= 0 < 26-1 | 26-1 |
| ngircd | ngircd | >= 0 < 26-1 | 26-1 |
CVSS provenance
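| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |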
GHSA
GHSA-7cgh-8qx5-9mw4: The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function
ghsa_unreviewed·2022-05-24
CVE-2020-14148 [MEDIUM] CWE-125 GHSA-7cgh-8qx5-9mw4: The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function
OSV
CVE-2020-14148: The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function
osv·2020-06-15·CVSS 7.5
CVE-2020-14148 [HIGH] CVE-2020-14148: The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function
Debian
CVE-2020-14148: ngircd - The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-...
vendor_debian·2020·CVSS 7.5
CVE-2020-14148 [HIGH] CVE-2020-14148: ngircd - The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-...
Scope: local
bookworm: resolved (fixed in 26-1)
bullseye: resolved (fixed in 26-1)
forky: resolved (fixed in 26-1)
sid: resolved (fixed in 26-1)
trixie: resolved (fixed in 26-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-14148 ngircd: nigircd: Server-Server protocol implementation leads to out-of-bounds access [fedora-all]
bugzilla·2020-06-18·CVSS 7.5
CVE-2020-14148 [HIGH] CVE-2020-14148 ngircd: nigircd: Server-Server protocol implementation leads to out-of-bounds access [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla
CVE-2020-14148 nigircd: Server-Server protocol implementation leads to out-of-bounds access
bugzilla·2020-06-18·CVSS 7.5
CVE-2020-14148 [HIGH] CVE-2020-14148 nigircd: Server-Server protocol implementation leads to out-of-bounds access
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
References:
https://github.com/ngircd/ngircd/issues/274
https://github.com/ngircd/ngircd/issues/277
https://github.com/ngircd/ngircd/pull/275
https://github.com/ngircd/ngircd/pull/276
https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2
Discussion:
Created ngircd tracking bugs for this issue:
Affects: epel-all [bug 1848416]
Affects: fedora-all [bug 1848415]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for stat
Bugzilla
CVE-2020-14148 ngircd: nigircd: Server-Server protocol implementation leads to out-of-bounds access [epel-all]
bugzilla·2020-06-18·CVSS 7.5
CVE-2020-14148 [HIGH] CVE-2020-14148 ngircd: nigircd: Server-Server protocol implementation leads to out-of-bounds access [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affe
https://github.com/ngircd/ngircd/issues/274
https://github.com/ngircd/ngircd/issues/277
https://github.com/ngircd/ngircd/pull/275
https://github.com/ngircd/ngircd/pull/276
https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2
https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZRYFJIA6ZKOH7U4K5WH5OL7OKXE4N52/
2020-06-15
Published