CVE-2021-41380

Name of the Vulnerable Software and Affected Versions RealVNC Viewer version 6.21.406

Description The issue allows remote VNC servers to cause a denial of service, resulting in the application crashing via crafted RFB protocol data. It is noted that this issue requires social engineering to trick a user into connecting to a fake VNC Server, which will then cause the VNC Viewer application to hang until it is terminated. No memory leak occurs, and the resources are freed once the hung process is terminated. The resource usage remains constant during the hang, and only the process connected to the fake Server is affected.

Recommendations For RealVNC Viewer version 6.21.406, consider avoiding connections to untrusted or unknown VNC servers to minimize the risk of exploitation, as the issue is asserted to require social engineering to connect to a fake VNC Server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.