Unrated severityNVD Advisory· Published Jun 17, 2020· Updated Aug 4, 2024

CVE-2020-14400

Description

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LibVNCServer before 0.9.13 has a potential alignment issue in translate.c, but no known exploitation path.

Vulnerability

LibVNCServer before version 0.9.13 contains a potential misaligned memory access in libvncserver/translate.c, where byte-aligned data is accessed through uint16_t pointers [1]. This can cause undefined behavior on some architectures.

Exploitation

According to the available references, there is no known path of exploitation or trust boundary crossing [1]. The issue is considered not exploitable by the vendor.

Impact

No impact is known due to the absence of a valid exploitation scenario; thus, no security impact is expected.

Mitigation

The issue was fixed in version 0.9.13 via commit 53073c8d7e232151ea2ecd8a1243124121e10e2d [1]. Users should upgrade to 0.9.13 or later.

References

byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

LibVNCServer/LibVNCServerdescription
osv-coords26 versions
pkg:rpm/opensuse/LibVNCServer&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/LibVNCServer&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/LibVNCServer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1 pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2 pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0.9.10-lp151.7.9.1+ 25 more
- (no CPE)range: < 0.9.10-lp151.7.9.1
- (no CPE)range: < 0.9.10-lp152.9.8.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.10-4.22.1
- (no CPE)range: < 0.9.10-4.22.1
- (no CPE)range: < 0.9.1-160.19.1
- (no CPE)range: < 0.9.1-160.19.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.10-4.22.1
- (no CPE)range: < 0.9.10-4.22.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1
- (no CPE)range: < 0.9.9-17.31.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.htmlmitrevendor-advisoryx_refsource_SUSE
usn.ubuntu.com/4434-1/mitrevendor-advisoryx_refsource_UBUNTU
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2dmitrex_refsource_MISC
github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2020/06/msg00035.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2020/08/msg00045.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000