{"id":"CVE-2016-20014","details":"In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.","modified":"2026-04-11T15:23:02.193175Z","published":"2022-04-21T04:15:09.203Z","references":[{"type":"FIX","url":"https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kravietz/pam_tacplus","events":[{"introduced":"0"},{"fixed":"8dddbec2940f99fa4867d6b6a92d8ba10206915e"},{"fixed":"e4c00eba70a0f72c4de77b5f072c69708ec2beab"}],"database_specific":{"cpe":"cpe:2.3:a:pam_tacplus_project:pam_tacplus:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.4.1"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["1.3.8","1.3.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-20014.json","vanir_signatures_modified":"2026-04-11T15:23:02Z","vanir_signatures":[{"target":{"file":"pam_tacplus.c","function":"pam_sm_acct_mgmt"},"source":"https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab","signature_type":"Function","id":"CVE-2016-20014-28a15624","signature_version":"v1","digest":{"function_hash":"258352848962929567760939840113007533346","length":3646},"deprecated":false},{"target":{"file":"pam_tacplus.c"},"source":"https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab","signature_type":"Line","id":"CVE-2016-20014-c09de379","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["152148694595381616725332901845864734972","329346737611140683914305529782259062756","144080591874934029285186318424361896193","65888792551446632476147423506826739490"]},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}