CVE-2020-14404

CWE-787Out-of-bounds WriteCWE-119Buffer OverflowCWE-125Out-of-bounds Read11 documents8 sources
Severity
5.4MEDIUM
EPSS
1.3%
top 20.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Libvnc Project LibvncserverSiemens Simatic Itc1500 FirmwareSiemens Simatic Itc1500 PRO Firmware+6 more
Timeline
PublishedJun 17
Latest updateMay 24

Description

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages8 packages

Debianlibvncserver< 0.9.13+dfsg-1+3
NVDsiemens/simatic_itc1500_firmware3.0.0.03.2.1.0
NVDsiemens/simatic_itc1900_firmware3.0.0.03.2.1.0
NVDsiemens/simatic_itc2200_firmware3.0.0.03.2.1.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, 20.04

Patches

Patch: cert-portal.siemens.comPatch: github.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

3
GHSA
GHSA-xrqg-3g47-qq3r: An issue was discovered in LibVNCServer before 02022-05-24
OSV
CVE-2020-14404: An issue was discovered in LibVNCServer before 02020-06-17
CVEList
CVE-2020-14404: An issue was discovered in LibVNCServer before 02020-06-17

📋Vendor Advisories

4
Ubuntu
Vino vulnerabilities2020-10-07
Ubuntu
LibVNCServer vulnerabilities2020-07-23
Red Hat
libvncserver: libvncserver/rre.c allows out-of-bounds access via encodings2020-06-17
Debian
CVE-2020-14404: libvncserver - An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows...2020

💬Community

3
Bugzilla
CVE-2020-14404 libvncserver: libvncserver/rre.c allows out-of-bounds access via encodings [fedora-all]2020-07-24
Bugzilla
CVE-2020-14404 libvncserver: libvncserver/rre.c allows out-of-bounds access via encodings [epel-7]2020-07-24
Bugzilla
CVE-2020-14404 libvncserver: libvncserver/rre.c allows out-of-bounds access via encodings2020-07-24