Vulnerability Details : CVE-2020-14305
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2020-14305
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.12:-:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
Threat overview for CVE-2020-14305
Top countries where our scanners detected CVE-2020-14305
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2020-14305 34,191
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-14305!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-14305
1.85%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-14305
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3
|
HIGH | AV:N/AC:M/Au:N/C:P/I:P/A:C |
8.6
|
8.5
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2020-14305
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2020-14305
-
https://bugzilla.redhat.com/show_bug.cgi?id=1850716
1850716 – (CVE-2020-14305) CVE-2020-14305 kernel: memory corruption in Voice over IP nf_conntrack_h323 moduleIssue Tracking;Patch;Third Party Advisory
-
https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
[v4.10] netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 - PatchworkMailing List;Patch;Third Party Advisory
-
https://bugs.openvz.org/browse/OVZ-7188
[OVZ-7188] Crash kernel 3.10.0-1062.4.2.vz7.116.7 - bugs.openvz.orgExploit;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20201210-0004/
CVE-2020-14305 Linux Kernel Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
Jump to