PT-2020-6271 · Unknown+8 · Libvncserver+8

Ramin Farajpour Cami

Published

2020-06-17

Updated

2022-03-10

CVE-2019-20839

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions LibVNCServer versions prior to 0.9.13

Description The issue is related to a buffer overflow in the libvncclient/sockets.c component of LibVNCServer. This buffer overflow can occur via a long socket filename. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 0.9.13, update to version 0.9.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the libvncclient/sockets.c component to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2021:1811

ALT-PU-2020-2671

ALT-PU-2020-2694

BDU:2021-03751

CESA-2021_1811

CVE-2019-20839

DLA-2264-1

DLA-2347-1

MGASA-2020-0280

OPENSUSE-SU-2020:0988-1

OPENSUSE-SU-2020:1025-1

OPENSUSE-SU-2020:1056-1

OPENSUSE-SU-2020_0988-1

OPENSUSE-SU-2020_1025-1

OPENSUSE-SU-2020_1056-1

OPENSUSE-SU-2024:10598-1

RHSA-2021:1811

RHSA-2021_1811

RLSA-2021:1811

SUSE-SU-2020:1922-1

SUSE-SU-2020:2167-1

USN-4434-1

Affected Products

Alt Linux

Almalinux

Centos

Libvncserver

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2020-6271 · Unknown+8 · Libvncserver+8

CVE-2019-20839

Weakness Enumeration

Related Identifiers

Affected Products

References · 94