CVE-2014-6055 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libvncserver
Severity
NVD: 6.5 MEDIUM
OSV: 7.5
EPSS
11.2%
top 6.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 30
Latest update: May 13
Description
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
CVSS vector
AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4
Affected Packages: 4 packages
Also affects: Debian Linux 7.0, Fedora 20, 21, Enterprise Linux 6.5, 6.5.z
Patches
Vulnerability Details (4)
Vendor Advisories (4)
Red Hat
Debian
CVE-2014-6055: libvncserver - Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.... (2014)
Community (5)
Bugzilla: CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all] (2014-09-24)
Bugzilla: CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all] (2014-09-24)
Bugzilla: CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5] (2014-09-24)
Bugzilla: CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7] (2014-09-24)
Bugzilla: CVE-2014-6055 libvncserver: server stacked-based buffer overflow flaws in file transfer handling (2014-09-19)