PT-2026-27461 · Unknown · Libvncserver
Y637F9Qq2X
Published: 2026-03-24 · Updated: 2026-05-09 · CVE-2026-32854
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
LibVNCServer versions prior to the commit dc78dee
LibVNCServer version 0.9.15
Description
The software contains null pointer dereference issues in the HTTP proxy handlers within the httpProcessInput() function in httpd.c. These issues allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Specifically, missing validation of the strchr() return values in the CONNECT and GET proxy handling paths can trigger null pointer dereferences, leading to a server crash when httpd and proxy features are enabled.
Recommendations
Update LibVNCServer to a version after the commit dc78dee.
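The class of check whose absence the description identifies, shown as a hardened parsing pattern. This is an added example, not LibVNCServer's code or its patch; the function `parse_connect_target`, the request-line layout it assumes and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not LibVNCServer code): split the target of a
 * "CONNECT host:port HTTP/1.x" line. Returns 0 on success, -1 if malformed. */
int parse_connect_target(const char *line, char *host, size_t host_len, unsigned *port)
{
    static const char method[] = "CONNECT ";
    const char *target, *space, *colon, *p;
    unsigned long v = 0;
    size_t n;
    if (!line || !host || !port || host_len == 0)
        return -1;
    if (strncmp(line, method, sizeof(method) - 1) != 0)
        return -1;
    target = line + sizeof(method) - 1;
    /* strchr()/memchr() return NULL when the delimiter is absent, so each
     * result is checked before any dereference or pointer arithmetic. */
    space = strchr(target, ' ');
    colon = space ? memchr(target, ':', (size_t)(space - target)) : NULL;
    if (space == NULL || colon == NULL)
        return -1;
    n = (size_t)(colon - target);
    if (n == 0 || n >= host_len)
        return -1;                      /* empty host or host too long */
    if (space == colon + 1 || space - colon > 6)
        return -1;                      /* port must be 1 to 5 digits */
    for (p = colon + 1; p < space; p++) {
        if (*p < '0' || *p > '9')
            return -1;
        v = v * 10 + (unsigned long)(*p - '0');
    }
    if (v == 0 || v > 65535)
        return -1;
    memcpy(host, target, n);
    host[n] = '\0';
    *port = (unsigned)v;
    return 0;
}

int main(void)
{
    char host[64];
    unsigned port = 0;
    /* Constructed sample line, not taken from the advisory. */
    if (parse_connect_target("CONNECT example.test:5900 HTTP/1.0", host, sizeof host, &port) == 0)
        printf("%s %u\n", host, port);
    return 0;
}
```

A line that lacks an expected delimiter is rejected with -1 instead of reaching code that dereferences the search result.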
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Libvncserver