Vulnerability Details CVE-2020-26213
In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.3%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 5.0
References
- https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e
- https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf
- https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e
- https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf
Products affected by CVE-2020-26213
-
cpe:2.3:a:teler_project:teler:*