Vulnerability Name:

CVE-2020-12066 (CCN-180283)

Assigned:2020-04-19
Published:2020-04-19
Updated:2022-04-29
Summary:CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-12066

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0557

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0563

Source: XF
Type: UNKNOWN
teeworlds-cve202012066-dos(180283)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-0d6b80678a

Source: UBUNTU
Type: Third Party Advisory
USN-4553-1

Source: DEBIAN
Type: Third Party Advisory
DSA-4763

Source: CCN
Type: Teeworlds Web site
Teeworlds

Source: MISC
Type: Vendor Advisory
https://www.teeworlds.com/forum/viewtopic.php?id=14785

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-12066

Vulnerable Configuration:Configuration 1:
  • cpe:/a:teeworlds:teeworlds:*:*:*:*:*:*:*:* (Version >= 0.7.0 and < 0.7.5)

    • Configuration 2:
  • cpe:/a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • OR cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202012066
    V
    		CVE-2020-12066
    2022-06-30
    oval:org.opensuse.security:def:113487
    P
    		teeworlds-0.7.5-2.9 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:64642
    P
    		Security update for permissions (Moderate)
    2021-12-28
    oval:org.opensuse.security:def:64584
    P
    		Security update for git (Low)
    2021-10-06
    oval:org.opensuse.security:def:106883
    P
    		teeworlds-0.7.5-2.9 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:64754
    P
    		Security update for qemu (Moderate)
    2021-08-27
    oval:org.opensuse.security:def:63330
    P
    		graphviz-tcl-2.40.1-6.6.8 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62827
    P
    		python3-cupshelpers-1.5.7-6.27 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63037
    P
    		perl-YAML-LibYAML-0.69-3.3.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62831
    P
    		texlive-12many-2017.133.0.0.3svn15878-6.18 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62834
    P
    		vino-3.22.0-9.32 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100310
    P
    		 (Important)
    2021-07-20
    oval:org.opensuse.security:def:63533
    P
    		enigmail-2.0.5-1.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:62859
    P
    		libpcp-devel-3.11.9-3.116 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:64482
    P
    		Security update for libnettle (Important)
    2021-04-28
    oval:org.opensuse.security:def:74696
    P
    		Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:93597
    P
    		 (Important)
    2021-02-26
    oval:org.opensuse.security:def:74829
    P
    		Security update for teeworlds (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64374
    P
    		libpulse-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63680
    P
    		Security update for ucode-intel (Important)
    2020-12-01
    oval:org.opensuse.security:def:64375
    P
    		libpython2_7-1_0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63909
    P
    		Security update for openssl-1_1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:64238
    P
    		dbus-1-glib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:110491
    P
    		Security update for teeworlds (Moderate)
    2020-04-27
    BACK
    teeworlds teeworlds *
    opensuse backports sle 15.0 sp1
    opensuse leap 15.1
    fedoraproject fedora 30
    debian debian linux 10.0
    canonical ubuntu linux 20.04