729220 – (CVE-2020-14983) [Tracker] [GURU] Vulnerabilities in chocolate-doom based games

Bug 729220 (CVE-2020-14983) - [Tracker] [GURU] Vulnerabilities in chocolate-doom based games

Summary: [Tracker] [GURU] Vulnerabilities in chocolate-doom based games

Status:	RESOLVED FIXED

Alias:	CVE-2020-14983

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	GURU project: Gentoo devs

URL:	https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:	~3 [upstream]
Keywords:

Depends on:	729214 729216
Blocks:
	Show dependency tree

Reported:	2020-06-22 23:12 UTC by John Helmert III
Modified:	2020-08-20 17:08 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2020-06-22 23:12:57 UTC

From $URL:

"The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack."

Comment 1 William Breathitt Gray 2020-06-23 13:01:24 UTC

Upstream issue tracker: https://github.com/chocolate-doom/chocolate-doom/issues/1293

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2020-07-28 19:34:24 UTC

Same as others. Security team does not support GURU repo.