VYPR
Unrated severity · NVD Advisory · Published Jun 17, 2020 · Updated Aug 4, 2024

CVE-2020-14402

Description

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LibVNCServer before 0.9.13 has an out-of-bounds access in corre.c via encodings, potentially causing info disclosure or DoS.

Vulnerability

An out-of-bounds access vulnerability exists in LibVNCServer versions before 0.9.13. The issue resides in libvncserver/corre.c and can be triggered via crafted encodings, allowing an attacker to read or write beyond allocated memory buffers. [2]

Exploitation

An attacker can send specially crafted encoding data to a LibVNCServer instance. No authentication is required if the VNC server is exposed. The attacker only needs network connectivity to the server to trigger the out-of-bounds access.

Impact

Successful exploitation could lead to information disclosure (reading sensitive memory) or denial of service (crash). Arbitrary code execution may be possible in some contexts, though not confirmed in available references.

Mitigation

The vulnerability is fixed in LibVNCServer version 0.9.13. Users should upgrade to the latest version. For Ubuntu systems, security updates were released (e.g., USN-4434-1). If upgrading is not possible, consider restricting network access to the VNC server. [2]

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

28

References

10
