Vulnerability Details CVE-2020-14983
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html
- https://github.com/chocolate-doom/chocolate-doom/issues/1293
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html
- https://github.com/chocolate-doom/chocolate-doom/issues/1293
Products affected by CVE-2020-14983
-
cpe:2.3:a:chocolate-doom:chocolate_doom:3.0.0
-
cpe:2.3:a:chocolate-doom:crispy_doom:5.8.0
-
cpe:2.3:o:opensuse:backports:sle-15
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2