CVE Vulnerabilities

CVE-2016-20014

Published: Apr 21, 2022 | Modified: May 02, 2022

CVSS 3.x

9.8

CRITICAL

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

7.5 HIGH

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20014
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.

Affected Software

Name	Vendor	Start Version	End Version
Pam_tacplus	Pam_tacplus_project	*	1.4.1 (excluding)

References

https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.