CVE-2020-14398

CWE-835 | 10 documents | 8 sources
Severity
7.5 HIGH
EPSS
2.3%
top 15.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 17
Latest update: May 24

Description

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (9 packages)

Debian: libvncserver < 0.9.13+dfsg-1+3
NVD: siemens/simatic_itc1500_firmware 3.0.0.0, 3.2.1.0
NVD: siemens/simatic_itc1900_firmware 3.0.0.0, 3.2.1.0
NVD: siemens/simatic_itc2200_firmware 3.0.0.0, 3.2.1.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, 20.04

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-g66j-3r55-grh3: An issue was discovered in LibVNCServer before 0 (2022-05-24)
CVEList
CVE-2020-14398: An issue was discovered in LibVNCServer before 0 (2020-06-17)
OSV
CVE-2020-14398: An issue was discovered in LibVNCServer before 0 (2020-06-17)

📋 Vendor Advisories (3)

Ubuntu
LibVNCServer vulnerabilities (2020-07-23)
Red Hat
libvncserver: an improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c (2020-06-17)
Debian
CVE-2020-14398: libvncserver - An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP ... (2020)

💬 Community (3)

Bugzilla
CVE-2020-14398 libvncserver: an improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c [epel-7] (2020-07-24)
Bugzilla
CVE-2020-14398 libvncserver: an improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c [fedora-all] (2020-07-24)
Bugzilla
CVE-2020-14398 libvncserver: an improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c (2020-07-24)