{"id":"CVE-2018-14055","details":"ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.","modified":"2026-04-16T04:34:11.763587481Z","published":"2018-07-15T01:29:03.587Z","related":["openSUSE-SU-2024:11542-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201807-03"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4252"},{"type":"FIX","url":"https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e"},{"type":"FIX","url":"https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/znc/znc","events":[{"introduced":"0"},{"last_affected":"4489b1b69474cb5ffa1b2d5c9b19b725e7e59e04"},{"fixed":"a7bfbd93812950b7444841431e8e297e62cb524e"},{"fixed":"d22fef8620cdd87490754f607e7153979731c69d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.0"}]}}],"versions":["znc-0.023","znc-0.025","znc-0.027","znc-0.028","znc-0.029","znc-0.030","znc-0.033","znc-0.034","znc-0.035","znc-0.036","znc-0.037","znc-0.038","znc-0.039","znc-0.040","znc-0.041","znc-0.043","znc-0.044","znc-0.045","znc-0.047","znc-0.050","znc-0.052","znc-0.054","znc-0.054-rc1","znc-0.054-rc2","znc-0.054-rc3","znc-0.056","znc-0.058","znc-0.060","znc-0.062","znc-0.064","znc-0.066","znc-0.068","znc-0.070","znc-0.072","znc-0.094","znc-0.096","znc-0.098","znc-0.200","znc-1.0","znc-1.2","znc-1.6.0","znc-1.7.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:27:23Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures":[{"deprecated":false,"source":"https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d","signature_type":"Function","digest":{"length":1800,"function_hash":"60984955223312034853263882467691689392"},"id":"CVE-2018-14055-252df1c5","target":{"function":"CIRCSock::ReadLine","file":"src/IRCSock.cpp"},"signature_version":"v1"},{"deprecated":false,"id":"CVE-2018-14055-26128037","signature_type":"Line","target":{"file":"src/Config.cpp"},"source":"https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e","digest":{"line_hashes":["127846812733819052819684023843064528616","280394417723304140607606976939468713806","37705182353070851372372443124582193842","12922861792915135330601448608517459525","113315442729475611804835623198423101103","278587668758767033546177560613924669251","118707195877691598308982070203968969999","271768406831103920880798403893578475024","292557577942845378574103956721767333213","337856902244385450803753131603919972990","177222102212929915748164018390779581152","285384611683921472555681606507765455948"],"threshold":0.9},"signature_version":"v1"},{"deprecated":false,"id":"CVE-2018-14055-305ceed7","signature_type":"Function","target":{"function":"CConfig::Write","file":"src/Config.cpp"},"source":"https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e","digest":{"length":553,"function_hash":"105522597803742310031247247382044571470"},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d","signature_type":"Line","digest":{"line_hashes":["270750802924298988998945158033922795108","7377834930162203691298188634610495573","339056714700884462795091484209528921602","58693616630817577769323673378854026519"],"threshold":0.9},"id":"CVE-2018-14055-d266880f","target":{"file":"src/Client.cpp"},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d","signature_type":"Line","digest":{"line_hashes":["293091136511493721858906762926263979680","219403454261744467426049684021290062685","302792696749047866986578535384728981356","79566459958152877292889732138801075274"],"threshold":0.9},"id":"CVE-2018-14055-de45757f","target":{"file":"src/IRCSock.cpp"},"signature_version":"v1"},{"deprecated":false,"digest":{"length":2224,"function_hash":"257039376338732901167057406271341509936"},"signature_type":"Function","target":{"function":"CClient::ReadLine","file":"src/Client.cpp"},"id":"CVE-2018-14055-e287e35b","source":"https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14055.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}