{"id":"CVE-2016-20014","details":"In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.","modified":"2026-04-11T03:43:39.976451Z","published":"2022-04-21T04:15:09.203Z","references":[{"type":"FIX","url":"https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kravietz/pam_tacplus","events":[{"introduced":"0"},{"fixed":"8dddbec2940f99fa4867d6b6a92d8ba10206915e"},{"fixed":"e4c00eba70a0f72c4de77b5f072c69708ec2beab"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.1"}]}}],"versions":["1.3.8","1.3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-20014.json","vanir_signatures_modified":"2026-04-11T03:43:39Z","vanir_signatures":[{"source":"https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab","target":{"function":"pam_sm_acct_mgmt","file":"pam_tacplus.c"},"signature_type":"Function","digest":{"function_hash":"258352848962929567760939840113007533346","length":3646},"id":"CVE-2016-20014-28a15624","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab","target":{"file":"pam_tacplus.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["152148694595381616725332901845864734972","329346737611140683914305529782259062756","144080591874934029285186318424361896193","65888792551446632476147423506826739490"]},"id":"CVE-2016-20014-c09de379","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}