CVE-2020-14305

Published: Dec 2, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Affected (7)

Products: Linux: Linux Kernel · Netapp: Cloud Backup, A250 Firmware, Fas 500f Firmware, Aff 500f Firmware, Solidfire Baseboard Management Controller Firmware

1 product

5 products

Solidfire Baseboard Management Controller Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.11.12
Linux Linux Kernel	Version 4.12

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Cloud Backup	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp A250 Firmware	All versions

Running on/with	Platform Versions
Netapp A250	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fas 500f Firmware	All versions

Running on/with	Platform Versions
Netapp Fas 500f	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff 500f Firmware	All versions

Running on/with	Platform Versions
Netapp Aff 500f	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Solidfire Baseboard Management Controller Firmware	All versions

Running on/with	Platform Versions
Netapp Solidfire Baseboard Management Controller	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

https://bugs.openvz.org/browse/OVZ-7188

Source: secalert@redhat.com

ExploitThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1850716

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20201210-0004/

Source: secalert@redhat.com

Third Party Advisory

https://bugs.openvz.org/browse/OVZ-7188

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1850716

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20201210-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.