PT-2020-6265 · Unknown+9 · Libvncserver+9

Published: 2020-08-26 · Updated: 2022-10-29 · CVE-2020-25708

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

LibVNCServer version 0.9.12

Description

A divide-by-zero flaw in LibVNCServer can be exploited by a remote attacker to cause a denial of service. A malicious client can send a specially crafted message to the VNC server, leading to a floating point exception.

Recommendations

For LibVNCServer version 0.9.12, consider disabling the service until a patch is available to prevent potential denial of service attacks. As a temporary workaround, restrict access to the VNC server to minimize the risk of exploitation.

Exploit

Fix

DoS

Divide By Zero

Weakness Enumeration

Related Identifiers

ALSA-2021:1811
ALT-PU-2020-2671
ALT-PU-2020-2694
BDU:2021-03737
CESA-2021_1811
CVE-2020-25708
DLA-2451-1
DLA-3125-1
MGASA-2020-0439
OPENSUSE-SU-2020:2025-1
OPENSUSE-SU-2020:2097-1
OPENSUSE-SU-2020_2025-1
OPENSUSE-SU-2020_2097-1
OPENSUSE-SU-2024:10598-1
RHSA-2021:1811
RHSA-2021_1811
RLSA-2021:1811
SUSE-SU-2020:14549-1
SUSE-SU-2020:3515-1
SUSE-SU-2020:3550-1
SUSE-SU-2020_14549-1
SUSE-SU-2020_3515-1
SUSE-SU-2020_3550-1
USN-4636-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Libvncserver
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu