{"id":"UBUNTU-CVE-2018-14055","details":"ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.","modified":"2026-04-22T11:44:58.823728Z","published":"2018-07-15T01:29:00Z","upstream":["CVE-2018-14055"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14055"},{"type":"REPORT","url":"https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e"},{"type":"REPORT","url":"https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-14055"}],"affected":[{"package":{"name":"znc","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/znc@1.2-3ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-3ubuntu0.1"}]}],"versions":["1.0-5","1.0-5build1","1.2-1","1.2-2","1.2-3","1.2-3build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.2-3ubuntu0.1","binary_name":"znc"},{"binary_version":"1.2-3ubuntu0.1","binary_name":"znc-perl"},{"binary_version":"1.2-3ubuntu0.1","binary_name":"znc-python"},{"binary_version":"1.2-3ubuntu0.1","binary_name":"znc-tcl"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-14055.json"}},{"package":{"name":"znc","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/znc@1.6.3-1ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.3-1ubuntu0.1"}]}],"versions":["1.6.1-1","1.6.1-1build1","1.6.1-2","1.6.2-1","1.6.2-2","1.6.2-2build1","1.6.3-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.6.3-1ubuntu0.1","binary_name":"znc"},{"binary_version":"1.6.3-1ubuntu0.1","binary_name":"znc-perl"},{"binary_version":"1.6.3-1ubuntu0.1","binary_name":"znc-python"},{"binary_version":"1.6.3-1ubuntu0.1","binary_name":"znc-tcl"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-14055.json"}},{"package":{"name":"znc","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/znc@1.6.6-1ubuntu0.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.6-1ubuntu0.1"}]}],"versions":["1.6.5-2build2","1.6.5-2build3","1.6.5-2build4","1.6.5-2build5","1.6.6-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.6.6-1ubuntu0.1","binary_name":"znc"},{"binary_version":"1.6.6-1ubuntu0.1","binary_name":"znc-perl"},{"binary_version":"1.6.6-1ubuntu0.1","binary_name":"znc-python"},{"binary_version":"1.6.6-1ubuntu0.1","binary_name":"znc-tcl"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-14055.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}