Vulnerability Details : CVE-2020-12066
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
Vulnerability category: Input validation
Products affected by CVE-2020-12066
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:teeworlds:teeworlds:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-12066
2.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-12066
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-12066
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-12066
-
https://www.debian.org/security/2020/dsa-4763
Debian -- Security Information -- DSA-4763-1 teeworldsThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00044.html
[security-announce] openSUSE-SU-2020:0557-1: moderate: Security update fMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00045.html
[security-announce] openSUSE-SU-2020:0563-1: moderate: Security update fMailing List;Third Party Advisory
-
https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5
changed a check · teeworlds/teeworlds@c68402f · GitHubPatch;Third Party Advisory
-
https://usn.ubuntu.com/4553-1/
USN-4553-1: Teeworlds vulnerability | Ubuntu security notices | UbuntuThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVYG7CCPS5F3OPOQMJKVNXTQ7BXSEX2V/
[SECURITY] Fedora 30 Update: teeworlds-0.7.5-1.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.teeworlds.com/forum/viewtopic.php?id=14785
Security update - 0.7.5 released (Page 1) — News — Teeworlds ForumVendor Advisory
Jump to