CVE-2014-6053: NULL Pointer Dereference in LibVNCServer

Severity
  NVD: 5.0 MEDIUM
  OSV: 7.5
EPSS
  36.9% (top 2.84%)
CISA KEV
  Not in KEV
Exploit
  No known exploits
Timeline
  Published: Dec 15
  Latest update: May 13

Description

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (5 packages)

  Debian   libvncserver_project/libvncserver   < 0.9.9+dfsg-6.1   (+3)
  Debian   david_king/vino                     < 3.22.0-6         (+1)
  Ubuntu   david_king/vino                     < 3.8.1-0ubuntu9.3 (+2)
  Debian   tightvnc/tightvnc                   < 1:1.3.9-9.1      (+3)

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04

Patches

🔴 Vulnerability Details (5)

  GHSA     GHSA-fcxc-59xc-c54c: The rfbProcessClientNormalMessage function in libvncserver/rfbserver   (2022-05-13)
  OSV      italc vulnerabilities   (2020-10-20)
  OSV      vino vulnerabilities   (2020-10-07)
  CVEList  CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver   (2014-12-15)
  OSV      CVE-2014-6053: The rfbProcessClientNormalMessage function in libvncserver/rfbserver   (2014-12-15)

📋 Vendor Advisories (5)

  Ubuntu   iTALC vulnerabilities   (2020-10-20)
  Ubuntu   Vino vulnerabilities   (2020-10-07)
  Ubuntu   LibVNCServer vulnerabilities   (2014-09-29)
  Red Hat  libvncserver: server NULL pointer dereference flaw in ClientCutText message handling   (2014-09-23)
  Debian   CVE-2014-6053: libvncserver - The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNC...   (2014)

💬 Community (6)

  Bugzilla  CVE-2010-5304 realvnc: Null pointer dereference flaw in ClientCutText message handling   (2020-02-19)
  Bugzilla  CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]   (2014-09-24)
  Bugzilla  CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]   (2014-09-24)
  Bugzilla  CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]   (2014-09-24)
  Bugzilla  CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]   (2014-09-24)
CVE-2014-6053 — NULL Pointer Dereference | cvebase