Vulnerability Description
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chocolate-Doom | Chocolate Doom | 3.0.0 |
| Chocolate-Doom | Crispy Doom | 5.8.0 |
| Opensuse | Backports | sle-15 |
| Opensuse | Leap | 15.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html (Mailing List, Third Party Advisory)
- https://github.com/chocolate-doom/chocolate-doom/issues/1293 (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2020-14983?
CVE-2020-14983 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
How severe is CVE-2020-14983?
CVE-2020-14983 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-14983?
Check the references section above for vendor advisories and patch information. Affected products include: Chocolate-Doom Chocolate Doom, Chocolate-Doom Crispy Doom, Opensuse Backports, Opensuse Leap.