CVE-2014-6053
Published 2014-12-15
Priority: P430 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 7.56% (93.8th percentile)
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| david_king | vino | >= 0 < 3.22.0-6 | 3.22.0-6 |
| david_king | vino | >= 0 < 3.22.0-6 | 3.22.0-6 |
| david_king | vino | >= 0 < 3.8.1-0ubuntu9.3 | 3.8.1-0ubuntu9.3 |
| david_king | vino | >= 0 < 3.22.0-3ubuntu1.1 | 3.22.0-3ubuntu1.1 |
| david_king | vino | >= 0 < 3.22.0-5ubuntu2.1 | 3.22.0-5ubuntu2.1 |
| debian | debian_linux | — | — |
| debian | libvncserver | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| debian | tightvnc | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| debian | vino | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| libvncserver | libvncserver | <= 0.9.9 | — |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-1ubuntu1.1 | 0.9.9+dfsg-1ubuntu1.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
CVSS provenance
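| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 5.0 | MEDIUM | — |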
GHSA
GHSA-fcxc-59xc-c54c: The rfbProcessClientNormalMessage function in libvncserver/rfbserver
ghsa_unreviewed·2022-05-13
CVE-2014-6053 [MEDIUM] GHSA-fcxc-59xc-c54c: The rfbProcessClientNormalMessage function in libvncserver/rfbserver
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
OSV
italc vulnerabilities
osv·2020-10-20·CVSS 7.5
CVE-2014-6051 [HIGH] italc vulnerabilities
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could use these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker could use these issues to cause a
denial of service or possibl
OSV
vino vulnerabilities
osv·2020-10-07·CVSS 5.0
CVE-2014-6053 [MEDIUM] vino vulnerabilities
Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText
messages. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. (CVE-2014-6053)
It was discovered that Vino incorrectly handled certain packet lengths. A
remote attacker could possibly use this issue to obtain sensitive
information, cause a denial of service, or execute arbitrary code.
(CVE-2018-7225)
Pavel Cheremushkin discovered that an information disclosure vulnerability
existed in Vino when sending a ServerCutText message. An attacker could
possibly use this issue to expose sensitive information. (CVE-2019-15681)
It was discovered that Vino incorrectly handled region clipping. A remote
attacker could possibly use this issue to cause Vino t
OSV
CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver
osv·2014-12-15·CVSS 5.0
CVE-2014-6053 [MEDIUM] CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
OSV
libvncserver vulnerabilities
osv·2014-09-29·CVSS 7.5
CVE-2014-6051 [HIGH] libvncserver vulnerabilities
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)
Nicolas Ruff discovered that LibVN
Ubuntu
iTALC vulnerabilities
vendor_ubuntu·2020-10-20·CVSS 7.5
CVE-2018-20749 [HIGH] iTALC vulnerabilities
Title: iTALC vulnerabilities
Summary: Several security issues were fixed in iTALC.
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could use these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker c
Ubuntu
Vino vulnerabilities
vendor_ubuntu·2020-10-07·CVSS 5.0
CVE-2014-6053 [MEDIUM] Vino vulnerabilities
Title: Vino vulnerabilities
Summary: Several security issues were fixed in Vino.
Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText
messages. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. (CVE-2014-6053)
It was discovered that Vino incorrectly handled certain packet lengths. A
remote attacker could possibly use this issue to obtain sensitive
information, cause a denial of service, or execute arbitrary code.
(CVE-2018-7225)
Pavel Cheremushkin discovered that an information disclosure vulnerability
existed in Vino when sending a ServerCutText message. An attacker could
possibly use this issue to expose sensitive information. (CVE-2019-15681)
It was discovered that Vino incorrectly handled region clipping. A
Ubuntu
LibVNCServer vulnerabilities
vendor_ubuntu·2014-09-29·CVSS 7.5
CVE-2014-6051 [HIGH] LibVNCServer vulnerabilities
Title: LibVNCServer vulnerabilities
Summary: Several security issues were fixed in LibVNCServer.
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a d
Red Hat
libvncserver: server NULL pointer dereference flaw in ClientCutText message handling
vendor_redhat·2014-09-23·CVSS 5.0
CVE-2014-6053 [MEDIUM] CWE-476 libvncserver: server NULL pointer dereference flaw in ClientCutText message handling
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This h
Red Hat
realvnc: Null pointer dereference flaw in ClientCutText message handling
vendor_redhat·2014-09-23·CVSS 7.5
CVE-2010-5304 [HIGH] CWE-476 realvnc: Null pointer dereference flaw in ClientCutText message handling
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
A flaw was found in realvnc. LibVNCServer, in versions prior to 0.9.9, contains a NULL pointer dereference when handling certain ClientCutText messages which could be used by a remote attacker to crash the VNC server. The highest threat from this vulnerability is to system availability.
Statement: This flaw is in RealVNC shipped with Red Hat Enterprise Linux 5. A similar flaw was also found in LibVNCServer and was assigned CVE-2014-6053.
Package: vnc (Red Hat Enterpris
Debian
CVE-2014-6053: libvncserver - The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNC...
vendor_debian·2014·CVSS 5.0
CVE-2014-6053 [MEDIUM] CVE-2014-6053: libvncserver - The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNC...
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
Scope: local
bookworm: resolved (fixed in 0.9.9+dfsg-6.1)
bullseye: resolved (fixed in 0.9.9+dfsg-6.1)
forky: resolved (fixed in 0.9.9+dfsg-6.1)
sid: resolved (fixed in 0.9.9+dfsg-6.1)
trixie: resolved (fixed in 0.9.9+dfsg-6.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-5304 realvnc: Null pointer dereference flaw in ClientCutText message handling
bugzilla·2020-02-19·CVSS 7.5
CVE-2010-5304 [HIGH] CVE-2010-5304 realvnc: Null pointer dereference flaw in ClientCutText message handling
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
Reference:
http://www.openwall.com/lists/oss-security/2014/09/23/6
This libVNCServer flaw was assigned CVE-2014-6053. A similar flaw was found in RealVNC server which has been assigned CVE-2010-5304.
Discussion:
https://packetstormsecurity.com/files/89160/RealVNC-VNC-Server-Free-Edition-4.1.3-Denial-Of-Service.html contains instructions for reproducing this flaw.
---
External References:
https://packetstormsecurity.com/files/89160/RealVNC-VNC-Server
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affect
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug fo
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for libvncserver
Bugzilla
CVE-2014-6053 libvncserver: server NULL pointer dereference flaw in ClientCutText message handling
bugzilla·2014-09-19·CVSS 7.5
CVE-2014-6053 [HIGH] CVE-2014-6053 libvncserver: server NULL pointer dereference flaw in ClientCutText message handling
A NULL pointer dereference flaw was reported in LibVNCServer's ClientCutText message handling. A VNC client could use this flaw to cause the VNC server to crash.
Upstream commit:
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
Discussion:
Acknowledgements:
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Nicolas RUFF as the original reporter.
---
Public now:
http://seclists.org/oss-sec/2014/q3/639
---
Created libvncserver tracking bugs for this issue:
Affects: fedora-all [bug 1145878]
Affects: epel-5 [bug 1145879]
Affects: epel-7 [bug 1145880]
---
Created krfb tracking bugs for this issue:
Affects: fedora-all
References:
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
http://seclists.org/oss-sec/2014/q3/639
http://secunia.com/advisories/61506
http://secunia.com/advisories/61682
http://ubuntu.com/usn/usn-2365-1
http://www.debian.org/security/2014/dsa-3081
http://www.ocert.org/advisories/ocert-2014-007.html
http://www.openwall.com/lists/oss-security/2014/09/25/11
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
https://security.gentoo.org/glsa/201507-07
https://usn.ubuntu.com/4573-1/
https://usn.ubuntu.com/4587-1/