Unrated severity · NVD Advisory · Published Sep 27, 2020 · Updated Aug 4, 2024
CVE-2020-26117
Description
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
Affected products (30)
- TigerVNC/TigerVNC (description)
- osv-coords (28 versions)
  - pkg:rpm/opensuse/tigervnc&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/tigervnc&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/tigervnc&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/tigervnc&distro=HPE%20Helion%20OpenStack%208
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/tigervnc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
  - pkg:rpm/suse/tigervnc&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/tigervnc&distro=SUSE%20OpenStack%20Cloud%208
  - pkg:rpm/suse/tigervnc&distro=SUSE%20OpenStack%20Cloud%209
  - pkg:rpm/suse/tigervnc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
  - pkg:rpm/suse/tigervnc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
- (no CPE) range: < 1.9.0-lp151.4.9.1
- (no CPE) range: < 1.9.0-lp152.7.3.1
- (no CPE) range: < 1.10.1-17.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.8.0-13.14.1
- (no CPE) range: < 1.8.0-13.14.1
- (no CPE) range: < 1.9.0-19.9.1
- (no CPE) range: < 1.9.0-19.9.1
- (no CPE) range: < 1.9.0-19.9.1
- (no CPE) range: < 1.9.0-19.9.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-22.17.1
- (no CPE) range: < 1.6.0-22.17.1
- (no CPE) range: < 1.8.0-13.14.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-22.17.1
- (no CPE) range: < 1.6.0-22.17.1
- (no CPE) range: < 1.8.0-13.14.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-22.17.1
- (no CPE) range: < 1.6.0-27.1
- (no CPE) range: < 1.6.0-22.17.1
References (9)
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00025.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-11/msg00024.html (mitre, vendor-advisory, x_refsource_SUSE)
- bugzilla.opensuse.org/show_bug.cgi (mitre, x_refsource_MISC)
- github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb (mitre, x_refsource_MISC)
- github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b (mitre, x_refsource_MISC)
- github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba (mitre, x_refsource_MISC)
- github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e (mitre, x_refsource_MISC)
- github.com/TigerVNC/tigervnc/releases/tag/v1.11.0 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2020/10/msg00007.html (mitre, mailing-list, x_refsource_MLIST)