rpm package
almalinux/libvncserver-devel
pkg:rpm/almalinux/libvncserver-devel
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25708 | Hig | 7.5 | < 0.9.11-17.el8 | 0.9.11-17.el8 | Nov 27, 2020 | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | |
| CVE-2017-18922 | Cri | 9.8 | < 0.9.11-15.el8_2.1 | 0.9.11-15.el8_2.1 | Jun 30, 2020 | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. | |
| CVE-2020-14405 | Med | 6.5 | < 0.9.11-17.el8 | 0.9.11-17.el8 | Jun 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | |
| CVE-2020-14397 | Hig | 7.5 | < 0.9.11-17.el8 | 0.9.11-17.el8 | Jun 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | |
| CVE-2019-20839 | Hig | 7.5 | < 0.9.11-17.el8 | 0.9.11-17.el8 | Jun 17, 2020 | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |
| CVE-2018-21247 | Hig | 7.5 | < 0.9.11-17.el8 | 0.9.11-17.el8 | Jun 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. |
- affected < 0.9.11-17.el8fixed 0.9.11-17.el8
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
- affected < 0.9.11-15.el8_2.1fixed 0.9.11-15.el8_2.1
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
- affected < 0.9.11-17.el8fixed 0.9.11-17.el8
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
- affected < 0.9.11-17.el8fixed 0.9.11-17.el8
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
- affected < 0.9.11-17.el8fixed 0.9.11-17.el8
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
- affected < 0.9.11-17.el8fixed 0.9.11-17.el8
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.