What is CVE-2020-14305?

CVE-2020-14305 is a high-severity vulnerability in Linux Linux_kernel, classified under Out-of-bounds Write. CVSS score: 8.1/10. Published 2020-12-02.

How severe is CVE-2020-14305?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2020-14305 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Linux Linux_kernel

CVE-2020-14305

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causin…

Vulnerability class: Buffer Overflow

EPSS: 0.051 (91.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

Public proof-of-concept exploits

References

secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (Exploit, Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2020-14305?: CVE-2020-14305 is a high-severity vulnerability in Linux Linux_kernel, classified under Out-of-bounds Write. CVSS score: 8.1/10. Published 2020-12-02.
How severe is CVE-2020-14305?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2020-14305 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.