VYPR
Unrated severity · NVD Advisory · Published Jun 17, 2020 · Updated Aug 4, 2024

CVE-2020-14399

Description

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LibVNCServer before 0.9.13 contains a misaligned pointer read in libvncclient/rfbproto.c; no trust boundary is crossed, making it a reliability bug, not a security vulnerability.

Vulnerability

In LibVNCServer versions prior to 0.9.13, the file libvncclient/rfbproto.c accesses byte-aligned data through uint32_t pointers. This is a misaligned memory access issue that can lead to undefined behavior or crashes on architectures that require aligned access. The official description notes that no trust boundary is crossed, and upstream maintainers confirm there is no known path of exploitation [2]. Affected versions are all LibVNCServer releases before 0.9.13.
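The access pattern described above, next to two alignment-safe replacements, as an added example that is not LibVNCServer's code or its patch. The function names and the sample message layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not a real RFB message): 1-byte type, then a 32-bit
 * big-endian length at odd offset 1, then the payload. */
static const uint8_t sample_msg[] = { 0x03, 0x00, 0x00, 0x00, 0x02, 'h', 'i' };

/* Pattern the advisory describes, kept only for contrast and never called:
 * dereferencing a byte pointer as uint32_t* is undefined behaviour when p is
 * not 4-byte aligned and can fault on strict-alignment CPUs. */
uint32_t read_u32_cast(const uint8_t *p)
{
    return *(const uint32_t *)p;
}

/* Replacement with the same host-order result: memcpy has no alignment
 * requirement, so any byte offset is valid. */
uint32_t read_u32_native(const uint8_t *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Alignment- and endian-independent read of a big-endian wire value. */
uint32_t read_u32_be(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 and sets *len, or -1 if the header or payload is truncated. */
int parse_len(const uint8_t *buf, size_t n, uint32_t *len)
{
    if (n < 5)
        return -1;
    *len = read_u32_be(buf + 1);
    return (*len <= n - 5) ? 0 : -1;
}

int main(void)
{
    uint32_t len = 0;
    int rc = parse_len(sample_msg, sizeof sample_msg, &len);
    printf("rc=%d len=%u\n", rc, (unsigned)len);
    return rc;
}
```

Building code under test with `-fsanitize=alignment` (GCC or Clang UBSan) reports the cast form at run time when the pointer is misaligned, which helps locate remaining instances of the pattern.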

Exploitation

An attacker would need to craft a VNC data stream that triggers the misaligned pointer dereference in the client-side library. Because the issue occurs during parsing of received data, no authentication or special privileges are required beyond sending network traffic to a vulnerable client. However, the maintainers state that no privileged operations are involved and there is no trust boundary crossing, meaning exploitation does not lead to a meaningful security impact [2].

Impact

The misaligned access may cause a crash of the application using LibVNCServer, leading to a denial of service. According to upstream and Red Hat Product Security, this is a standard software reliability bug rather than a security vulnerability because it does not cross a trust boundary and there is no known path to code execution or privilege escalation [2].

Mitigation

Upgrade to LibVNCServer version 0.9.13 or later, which contains the fix for this issue [1]. For Ubuntu systems, the security update was released as USN-4434-1 on 2020-09-15 [1]. No workaround is available, but the issue does not require urgent mitigation as a security flaw.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 28

References: 9
