Vulnerabilities > CVE-2020-25708 - Divide By Zero vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2020-11-27

Updated: 2022-10-29

Summary

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Libvncserver_Project Libvncserver Project Libvncserver 0.9.12	1
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 8.0	3
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

References

https://bugzilla.redhat.com/show_bug.cgi?id=1896739
https://lists.debian.org/debian-lts-announce/2022/09/msg00035.html