CVE-2020-14305
kernel: memory corruption in Voice over IP nf_conntrack_h323 module
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Se encontró un fallo de escritura de memoria fuera de límites en la manera en que la funcionalidad connection tracking Voice Over IP H.323 del kernel de Linux, manejaba las conexiones en el puerto ipv6 1720. Este fallo permite a un usuario remoto no autenticado bloquear el sistema, causando una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-17 CVE Reserved
- 2020-12-02 CVE Published
- 2024-04-06 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com | X_refsource_misc | |
| https://security.netapp.com/advisory/ntap-20201210-0004 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.openvz.org/browse/OVZ-7188 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1850716 | 2020-09-29 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2020-14305 | 2020-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | A250 Firmware Search vendor "Netapp" for product "A250 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | A250 Search vendor "Netapp" for product "A250" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Fas 500f Firmware Search vendor "Netapp" for product "Fas 500f Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Fas 500f Search vendor "Netapp" for product "Fas 500f" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Aff 500f Firmware Search vendor "Netapp" for product "Aff 500f Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff 500f Search vendor "Netapp" for product "Aff 500f" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Firmware Search vendor "Netapp" for product "Solidfire Baseboard Management Controller Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Search vendor "Netapp" for product "Solidfire Baseboard Management Controller" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.11.12 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.11.12" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.12 Search vendor "Linux" for product "Linux Kernel" and version "4.12" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||