Unrated severityNVD Advisory· Published Jun 22, 2020· Updated Aug 4, 2024

CVE-2020-14983

Description

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

Affected products

Crispy Doom/Crispy Doomdescription
Chocolate Doom/Chocolate Doomllm-create
Range: = 3.0.0
Crispy Doom/Crispy Doomllm-create
Range: = 5.8.0
osv-coords3 versions
pkg:rpm/opensuse/chocolate-doom&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/chocolate-doom&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/chocolate-doom&distro=SUSE%20Package%20Hub%2015%20SP1
< 3.0.1-lp151.3.3.1+ 2 more
- (no CPE)range: < 3.0.1-lp151.3.3.1
- (no CPE)range: < 3.0.1-lp152.4.3.1
- (no CPE)range: < 3.0.1-bp151.4.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.htmlmitrevendor-advisoryx_refsource_SUSE
github.com/chocolate-doom/chocolate-doom/issues/1293mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000