CVE-2018-14055

Published: Jul 15, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

Affected (2)

Products: Znc: Znc · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Znc Znc	Up to 1.7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

Source: cve@mitre.org

PatchThird Party Advisory

https://security.gentoo.org/glsa/201807-03

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4252

Source: cve@mitre.org

Third Party Advisory

https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security.gentoo.org/glsa/201807-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4252

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.