CVE-2020-14305

{"id": "CVE-2020-14305", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2020-12-02T01:15:12.077", "references": [{"url": "https://bugs.openvz.org/browse/OVZ-7188", "tags": ["Exploit", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/", "source": "secalert@redhat.com"}, {"url": "https://security.netapp.com/advisory/ntap-20201210-0004/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugs.openvz.org/browse/OVZ-7188", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20201210-0004/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory write flaw was found in how the Linux kernel\u2019s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de escritura de memoria fuera de l\u00edmites en la manera en que la funcionalidad connection tracking Voice Over IP H.323 del kernel de Linux, manejaba las conexiones en el puerto ipv6 1720. Este fallo permite a un usuario remoto no autenticado bloquear el sistema, causando una denegaci\u00f3n de servicio. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema"}], "lastModified": "2024-11-21T05:02:58.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13332751-6BF4-4D8A-A5D2-62A8AF6C1F92", "versionEndIncluding": "4.11.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.12:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9D9B484-E00F-45B6-A26F-42FADBAD8A0D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1236B66D-EB11-4324-929F-E2B86683C3C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "281DFC67-46BB-4FC2-BE03-3C65C9311F65"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86E430A7-F93D-422B-BC9E-99C17CC2BF6F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBC58E3E-C8AA-4400-8A48-733B321CC924"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "578BB9A7-BF28-4068-A9A6-1DE19CEEC293"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2AB58180-E5E0-4056-ABF9-A99E9F6A9E86"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}