CVE-2019-20840

CWE-787Out-of-bounds WriteCWE-119Buffer Overflow11 documents8 sources
Severity
7.5HIGH
EPSS
2.0%
top 16.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Siemens Simatic Itc1500 FirmwareSiemens Simatic Itc1500 PRO FirmwareSiemens Simatic Itc1900 Firmware+7 more
Timeline
PublishedJun 17
Latest updateMay 24

Description

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

Debianlibvncserver< 0.9.13+dfsg-1+3
NVDsiemens/simatic_itc1500_firmware3.0.0.03.2.1.0
NVDsiemens/simatic_itc1900_firmware3.0.0.03.2.1.0
NVDsiemens/simatic_itc2200_firmware3.0.0.03.2.1.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, 20.04

Patches

Patch: cert-portal.siemens.comPatch: github.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

4
GHSA
GHSA-42fc-843w-r7rp: An issue was discovered in LibVNCServer before 02022-05-24
OSV
libvncserver vulnerabilities2020-07-23
CVEList
CVE-2019-20840: An issue was discovered in LibVNCServer before 02020-06-17
OSV
CVE-2019-20840: An issue was discovered in LibVNCServer before 02020-06-17

📋Vendor Advisories

3
Ubuntu
LibVNCServer vulnerabilities2020-07-23
Red Hat
libvncserver: unaligned accesses in hybiReadAndDecode can lead to a crash2020-06-17
Debian
CVE-2019-20840: libvncserver - An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c ...2019

💬Community

3
Bugzilla
CVE-2019-20840 libvncserver: unaligned accesses in hybiReadAndDecode can lead to a crash [epel-7]2020-06-23
Bugzilla
CVE-2019-20840 libvncserver: unaligned accesses in hybiReadAndDecode can lead to a crash [fedora-all]2020-06-23
Bugzilla
CVE-2019-20840 libvncserver: unaligned accesses in hybiReadAndDecode can lead to a crash2020-06-23