rpm package
almalinux/libvncserver-devel
pkg:rpm/almalinux/libvncserver-devel
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25708 | — | | | < 0.9.11-17.el8 | 0.9.11-17.el8 | Nov 27, 2020 | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. |
| CVE-2017-18922 | — | | | < 0.9.11-15.el8_2.1 | 0.9.11-15.el8_2.1 | Jun 30, 2020 | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. |
| CVE-2020-14397 | — | | | < 0.9.11-17.el8 | 0.9.11-17.el8 | Jun 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
| CVE-2020-14405 | — | | | < 0.9.11-17.el8 | 0.9.11-17.el8 | Jun 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. |
| CVE-2019-20839 | — | | | < 0.9.11-17.el8 | 0.9.11-17.el8 | Jun 17, 2020 | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. |
| CVE-2018-21247 | — | | | < 0.9.11-17.el8 | 0.9.11-17.el8 | Jun 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. |