VDB
CVE-2020-14305
CVE-2020-14305
PUBLISHED
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
EPSS 4.41% · 89.2th percentile
Risk Scores
EPSS Score
4.41%
89.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-oracle-5.3 | 0, *, * |
| Ubuntu:16.04:LTS | linux | 4.4.0-75.96, 0, 4.2.0-16.19 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | *, *, * |
| Ubuntu:18.04:LTS | linux-gcp-edge | 4.18.0-1013.14~18.04.1, 4.18.0-1006.7~18.04.1, 4.18.0-1005.6~18.04.1 |
| Ubuntu:22.04:LTS | linux-realtime | 0, 5.15.0-1032.35 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1033.35, 4.15.0-1015.15, 4.15.0-1017.18 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:18.04:LTS | linux-oracle-5.0 | 5.0.0-1014.19, *, 5.0.0-1013.18 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.4.0-1006.6, 5.3.0-1015.17, 0 |
| Ubuntu:16.04:LTS | linux-hwe | 4.8.0-58.63~16.04.1, *, * |
| Ubuntu:16.04:LTS | linux-kvm | 4.4.0-1029.34, 4.4.0-1012.17, 4.4.0-1013.18 |
| Ubuntu:Pro:FIPS:16.04:LTS | linux-fips | 4.4.0-1010.13, 4.4.0-1008.10, 4.4.0-1006.6 |
| Ubuntu:16.04:LTS | linux-snapdragon | 4.4.0-1121.127, 4.4.0-1113.118, 4.4.0-1111.116 |
| Ubuntu:18.04:LTS | linux-azure-edge | *, *, 0 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-85.129, 0, 3.11.0-12.19 |
| Ubuntu:16.04:LTS | linux-aws | 4.4.0-1037.46, 4.4.0-1041.50, 4.4.0-1043.52 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1130.139, 4.4.0-1131.140, 4.4.0-1133.142 |
| Ubuntu:20.04:LTS | linux-azure-fde | 5.4.0-1100.106+cvm1.1, 5.4.0-1103.109+cvm1.1, 5.4.0-1098.104+cvm1.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1035.37, 5.4.0-1104.111, 5.4.0-1105.112 |
…and 10 more
Exploit Intelligence
- https://bugs.openvz.org/browse/OVZ-7188 (nist-nvd)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
Timeline
- Dec 2, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-14305 third-party-advisory
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/ third-party-advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.9.232&id=396ba2fc4f27ef6c44bbc0098bfddf4da76dc4c9 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-14305 third-party-advisory