Skip to main content

Libvncserver CVE-2020-14403

MEDIUM
Out-of-bounds Write (CWE-787)
2020-06-17 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Jun 17, 2020 - 16:15 nvd
MEDIUM 5.4

DescriptionNVD

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.

AnalysisAI

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Affected products include: Libvnc Project Libvncserver, Canonical Ubuntu Linux, Debian Debian Linux, Siemens Simatic Itc1500 Firmware, Siemens Simatic Itc1500 Pro Firmware. Version information: before 0.9.13..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2018-7225 CRITICAL POC
9.8 Feb 19

An issue was discovered in LibVNCServer through 0.9.11. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2014-6052 HIGH POC
7.5 Dec 15

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain

CVE-2014-6053 MEDIUM
5.0 Dec 15

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not proper

CVE-2020-25708 HIGH POC
7.5 Nov 27

A divide by zero issue was found to occur in libvncserver-0.9.12. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2014-6054 MEDIUM
4.3 Oct 06

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote a

CVE-2016-9942 CRITICAL
9.8 Dec 31

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a den

CVE-2016-9941 CRITICAL
9.8 Dec 31

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a

CVE-2018-20020 CRITICAL
9.8 Dec 19

LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside stru

CVE-2018-20019 CRITICAL
9.8 Dec 19

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities

CVE-2018-15127 CRITICAL
9.8 Dec 19

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server c

CVE-2018-15126 CRITICAL
9.8 Dec 19

LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code

CVE-2014-6051 HIGH
7.5 Sep 30

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC se

Share

CVE-2020-14403 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy