Your submission was sent successfully! Close

CVE-2018-14055

Published: 15 July 2018

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
znc
Launchpad, Ubuntu, Debian
Upstream
Released (1.7.1-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.6.6-1ubuntu0.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.6.3-1ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.2-3ubuntu0.1])