Vulnerability in LibVNCServer TextChat Processing
CVE-2020-14405

6.5MEDIUM

Key Information:

Vendor

Libvnc Project

Status
Libvncserver
Vendor
CVE Published:
17 June 2020

What is CVE-2020-14405?

An issue has been found in LibVNCServer that pertains to the TextChat feature, which does not impose restrictions on the size of chat messages. This oversight allows for buffer overflow conditions that may lead to exploitation, potentially compromising the application's ability to handle data securely. Users of versions prior to 0.9.13 are encouraged to update promptly to enhance security and prevent potential risks.

References

https://github.com/LibVNC/libvncserver/compare/LibVNCServ...
x_refsource_MISC
https://github.com/LibVNC/libvncserver/commit/8937203441e...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/06/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.