Skip to main content

Neatvnc

1 CVEs product

Monthly

CVE-2026-42859 HIGH PATCH This Week

Remote code execution and denial of service in Neat VNC library version <0.9.6 allows unauthenticated network attackers to overflow a 1024-byte stack buffer during RSA-AES security handshake. An attacker sends a crafted VNC security type 5 or 129 message with an oversized client RSA public key, triggering a stack buffer overflow in rsa_aes_send_challenge() when the server encrypts its challenge response. CVSS 8.1 (High) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the vulnerability is trivial to trigger based on the patch diff showing a simple size validation check addition.

Denial Of Service Buffer Overflow Neatvnc
NVD GitHub
CVSS 4.0
8.1
EPSS
0.1%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution and denial of service in Neat VNC library version <0.9.6 allows unauthenticated network attackers to overflow a 1024-byte stack buffer during RSA-AES security handshake. An attacker sends a crafted VNC security type 5 or 129 message with an oversized client RSA public key, triggering a stack buffer overflow in rsa_aes_send_challenge() when the server encrypts its challenge response. CVSS 8.1 (High) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the vulnerability is trivial to trigger based on the patch diff showing a simple size validation check addition.

Denial Of Service Buffer Overflow Neatvnc
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy