CVE-2020-14305
HIGHLinux Kernel - Out-of-bounds Write in H.323 Connection Tracking on IPv6 Port 1720
Title source: llmDescription
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References (4)
Core 4
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1850716
Exploit, Third Party Advisory x_refsource_misc
https://bugs.openvz.org/browse/OVZ-7188
Various Sources x_refsource_misc
https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20201210-0004/
Scores
CVSS v3
8.1
EPSS
0.0441
EPSS Percentile
89.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (7)
linux/linux_kernel
4.12
linux/linux_kernel
< 4.11.12
netapp/a250_firmware
netapp/aff_500f_firmware
netapp/cloud_backup
netapp/fas_500f_firmware
netapp/solidfire_baseboard_management_controller_firmware
Published
Dec 02, 2020
Tracked Since
Feb 18, 2026