CVE-2014-6053
published 2014-12-15

Priority: P4 | 30 | medium | 5 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 7.56% (93.8th percentile)

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

Affected

21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| david_king | vino | >= 0 < 3.22.0-6 | 3.22.0-6 |
| david_king | vino | >= 0 < 3.22.0-6 | 3.22.0-6 |
| david_king | vino | >= 0 < 3.8.1-0ubuntu9.3 | 3.8.1-0ubuntu9.3 |
| david_king | vino | >= 0 < 3.22.0-3ubuntu1.1 | 3.22.0-3ubuntu1.1 |
| david_king | vino | >= 0 < 3.22.0-5ubuntu2.1 | 3.22.0-5ubuntu2.1 |
| debian | debian_linux | | |
| debian | libvncserver | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| debian | tightvnc | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| debian | vino | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| libvncserver | libvncserver | <= 0.9.9 | |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-1ubuntu1.1 | 0.9.9+dfsg-1ubuntu1.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |

CVSS provenance

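| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |
| vendor_debian | | 5.0 | MEDIUM | |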