VYPR
Unrated severity · NVD Advisory · Published Jun 17, 2020 · Updated Aug 4, 2024

CVE-2020-14398


Description

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An improperly closed TCP connection in LibVNCServer before 0.9.13 causes an infinite loop in the client library, leading to denial of service.

Vulnerability

In LibVNCServer versions prior to 0.9.13, the function responsible for handling TCP connections in libvncclient/sockets.c does not properly reset or terminate connections that are incorrectly closed. This flaw results in an infinite loop when the library attempts to process the stale connection state. The vulnerability is present in the client-side library (libvncclient) and affects all versions before 0.9.13 [1].

Exploitation

An attacker can exploit this vulnerability by establishing a TCP connection to the libvncclient-based application and then improperly closing the connection (e.g., by sending a partial or malformed handshake or abruptly terminating the socket). The attacker does not require authentication or any special network position beyond being able to connect to the target service. Once the connection has been improperly closed, the client enters an infinite loop, causing a denial of service [1].

Impact

Successful exploitation leads to a denial of service (DoS). The application using libvncclient becomes unresponsive due to the infinite loop, preventing further legitimate VNC connections from being handled. The advisory from Ubuntu [1] does not indicate any potential for code execution or data compromise; the primary impact is service disruption.

Mitigation

The vulnerability is fixed in LibVNCServer version 0.9.13 and later. Ubuntu published security updates in USN-4434-1 on 2020-06-18, which include the fix for CVE-2020-14398 among other vulnerabilities [1]. Users should upgrade to version 0.9.13 or apply the relevant distribution patch. No workaround is provided; upgrading is the recommended mitigation.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

28

References

7
