CVE-2018-14055

描述

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

受影響套件(4)

• Alpine/zncfrom 0, < 1.7.1-r0
• Debian/zncfrom 0, < 1.7.1-1
• Debian/zncfrom 0, < 1.4-2+deb8u1
• Debian/zncfrom 0, < 1.6.5-1+deb9u1

CVSS 分數

參考連結(2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-14055
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-14055