Vulnerabilities > CVE-2016-20014 - Unspecified vulnerability in PAM Tacplus Project PAM Tacplus 1.3.8/1.3.9

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
pam-tacplus-project
critical
NVD
Published: 2022-04-21
Updated: 2022-05-02

Summary

In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.

Vulnerable Configurations

Part Description Count
Application
Pam_Tacplus_Project
2

References