CVE-2020-14305
8.1
HIGH
CVSS 3.1
EPSS 5.1%
Description
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on IPv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
How to fix CVE-2020-14305
To remediate CVE-2020-14305, upgrade the affected package to a fixed version below.
- Upgrade to 4.12.6-1 or later
Is CVE-2020-14305 being exploited?
Moderate — EPSS is 5.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 4.12.6-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |