Neatvnc
Monthly
Remote code execution and denial of service in Neat VNC library version <0.9.6 allows unauthenticated network attackers to overflow a 1024-byte stack buffer during RSA-AES security handshake. An attacker sends a crafted VNC security type 5 or 129 message with an oversized client RSA public key, triggering a stack buffer overflow in rsa_aes_send_challenge() when the server encrypts its challenge response. CVSS 8.1 (High) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the vulnerability is trivial to trigger based on the patch diff showing a simple size validation check addition.
Remote code execution and denial of service in Neat VNC library version <0.9.6 allows unauthenticated network attackers to overflow a 1024-byte stack buffer during RSA-AES security handshake. An attacker sends a crafted VNC security type 5 or 129 message with an oversized client RSA public key, triggering a stack buffer overflow in rsa_aes_send_challenge() when the server encrypts its challenge response. CVSS 8.1 (High) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the vulnerability is trivial to trigger based on the patch diff showing a simple size validation check addition.