CVE-2010-5304

CWE-476 โ€” NULL Pointer Dereference5 documents5 sources
Severity
7.5HIGH
EPSS
3.4%
top 12.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Libvncserver Project LibvncserverFedoraproject Fedora
Timeline
PublishedFeb 5
Latest updateApr 21

Description

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

Also affects: Fedora 19, 20, 21

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-2wpx-v6qf-p32x: A NULL pointer dereference flaw was found in the way LibVNCServer before 0โ†—2022-04-21
โ–ถ
CVEList
CVE-2010-5304: A NULL pointer dereference flaw was found in the way LibVNCServer before 0โ†—2020-02-05
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
realvnc: Null pointer dereference flaw in ClientCutText message handlingโ†—2014-09-23
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2010-5304 realvnc: Null pointer dereference flaw in ClientCutText message handlingโ†—2020-02-19
โ–ถ