Vulnerabilities > CVE-2020-14404 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 6 | |
OS | 2 | |
OS | 6 | |
Hardware | 6 |
Common Weakness Enumeration (CWE)
References
- https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13
- https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
- https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html
- https://usn.ubuntu.com/4434-1/
- https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html
- https://usn.ubuntu.com/4573-1/
- https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf