Candidate: CVE-2020-13775
PublicDate: 2020-06-02 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13775
 https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8
 https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001
Description:
 ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an
 application crash (with a NULL pointer dereference) if echo-message is not
 enabled and there is no network.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962105
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_znc:
upstream_znc: needs-triage
precise/esm_znc: DNE
trusty_znc: ignored (out of standard support)
trusty/esm_znc: DNE
xenial_znc: ignored (end of standard support, was needs-triage)
bionic_znc: needs-triage
eoan_znc: ignored (reached end-of-life)
focal_znc: needs-triage
groovy_znc: not-affected (1.8.1-1)
hirsute_znc: not-affected (1.8.1-1)
impish_znc: not-affected (1.8.1-1)
jammy_znc: not-affected (1.8.1-1)
devel_znc: not-affected (1.8.1-1)