In pamtacplus.c in pamtacplus before 1.4.1, pamsmacct_mgmt does not zero out the arep data structure.
{ "vanir_signatures": [ { "id": "CVE-2016-20014-28a15624", "signature_type": "Function", "digest": { "function_hash": "258352848962929567760939840113007533346", "length": 3646.0 }, "target": { "file": "pam_tacplus.c", "function": "pam_sm_acct_mgmt" }, "source": "https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2016-20014-c09de379", "signature_type": "Line", "digest": { "line_hashes": [ "152148694595381616725332901845864734972", "329346737611140683914305529782259062756", "144080591874934029285186318424361896193", "65888792551446632476147423506826739490" ], "threshold": 0.9 }, "target": { "file": "pam_tacplus.c" }, "source": "https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab", "signature_version": "v1", "deprecated": false } ] }