CVE-2020-14983

Опубликовано: 22 июн. 2020

Источник: debian

EPSS Низкий

Описание

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
crispy-doom	fixed	5.9.0-1		package
crispy-doom	no-dsa		buster	package
chocolate-doom	fixed	3.0.1-1		package
chocolate-doom	fixed	3.0.0-4+deb10u1	buster	package
chocolate-doom	end-of-life		stretch	package
chocolate-doom	end-of-life		jessie	package

Примечания

https://github.com/chocolate-doom/chocolate-doom/issues/1293
https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1

EPSS

Процентиль: 69%

0.00603

Низкий

Связанные уязвимости

CVE-2020-14983

CVSS3: 9.8

ubuntu

больше 5 лет назад

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

CVE-2020-14983

CVSS3: 9.8

nvd

больше 5 лет назад

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

openSUSE-SU-2020:0939-1

suse-cvrf

больше 5 лет назад

Security update for chocolate-doom

openSUSE-SU-2020:0928-1

suse-cvrf

больше 5 лет назад

Security update for chocolate-doom

GHSA-cvfr-xv48-v96r

CVSS3: 9.8

github

больше 3 лет назад

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

EPSS

Процентиль: 69%

0.00603

Низкий