HIGH · 8.1

CVE-2020-14305

Vulnerability Description

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on IPv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Linux | Linux Kernel | <= 4.11.12
Netapp | Cloud Backup | -
Netapp | A250 Firmware | -
Netapp | A250 | -
Netapp | Fas 500F Firmware | -
Netapp | Fas 500F | -
Netapp | Aff 500F Firmware | -
Netapp | Aff 500F | -
Netapp | Solidfire Baseboard Management Controller Firmware | -
Netapp | Solidfire Baseboard Management Controller | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-14305?

CVE-2020-14305 is a vulnerability with a CVSS score of 8.1 (HIGH). An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on IPv6 port 1720. This flaw allows an unauthenticated ...

How severe is CVE-2020-14305?

CVE-2020-14305 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14305?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Cloud Backup, Netapp A250 Firmware, Netapp A250, Netapp Fas 500F Firmware.