PT-2020-2989 · Libvncserver+8 · Libvncserver+8

Published

2020-06-17

·

Updated

2022-03-10

·

CVE-2020-14397

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions LibVNCServer versions prior to 0.9.13
Description The issue is related to a NULL pointer dereference in the libvncserver/rfbregion.c component of the LibVNCServer library. This could potentially allow a remote attacker to cause a denial of service.
Recommendations For versions prior to 0.9.13, update to version 0.9.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the libvncserver/rfbregion.c component until a patch is available.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2021:1811
ALT-PU-2020-2671
ALT-PU-2020-2694
BDU:2020-03157
CESA-2021_1811
CVE-2020-14397
DLA-2264-1
DLA-2347-1
MGASA-2020-0280
MGASA-2020-0288
OPENSUSE-SU-2020:0988-1
OPENSUSE-SU-2020:1025-1
OPENSUSE-SU-2020:1056-1
OPENSUSE-SU-2020_0988-1
OPENSUSE-SU-2020_1025-1
OPENSUSE-SU-2020_1056-1
OPENSUSE-SU-2024:10598-1
RHSA-2021:1811
RHSA-2021_1811
RLSA-2021:1811
SUSE-SU-2020:14424-1
SUSE-SU-2020:1922-1
SUSE-SU-2020:2167-1
SUSE-SU-2020_14424-1
USN-4434-1
USN-4573-1

Affected Products

Alt Linux
Almalinux
Centos
Libvncserver
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu