CVE-2020-25708
Published 2020-11-27
Priority P3 · 39 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.61% (73.0th percentile)
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | libvncserver | < libvncserver 0.9.13+dfsg-1 (bookworm) | libvncserver 0.9.13+dfsg-1 (bookworm) |
| libvncserver_project | libvncserver | — | — |
| libvncserver_project | libvncserver | — | — |
| libvncserver_project | libvncserver | >= 0 < 0.9.13+dfsg-1 | 0.9.13+dfsg-1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.13+dfsg-1 | 0.9.13+dfsg-1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.13+dfsg-1 | 0.9.13+dfsg-1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.13+dfsg-1 | 0.9.13+dfsg-1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
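| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |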
Ubuntu
LibVNCServer, Vino vulnerability
vendor_ubuntu·2020-11-17
CVE-2020-25708 LibVNCServer, Vino vulnerability
Title: LibVNCServer, Vino vulnerability
Summary: LibVNCServer and Vino could be made to crash.
It was discovered that LibVNCServer incorrectly handled certain internals.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Vino package ships with a LibVNCServer source and all listed releases were
affected for this package.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS
vendor_redhat·2020-05-13·CVSS 7.5
CVE-2020-25708 [HIGH] CWE-369 libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
A divide by zero flaw was found in libvncserver. This flaw allows a malicious client to send a specially crafted message that, when processed by the VNC server, leads to a floating-point exception, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Package: libvncserver (Red Hat Enterprise Linux 6) - Out of support scope
Package: vino (Red Hat Enterprise Linux 6) - Out of support scope
Package: l
Debian
CVE-2020-25708: libvncserver - A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious cl...
vendor_debian·2020·CVSS 7.5
CVE-2020-25708 [HIGH] CVE-2020-25708: libvncserver - A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious cl...
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
Scope: local
bookworm: resolved (fixed in 0.9.13+dfsg-1)
bullseye: resolved (fixed in 0.9.13+dfsg-1)
forky: resolved (fixed in 0.9.13+dfsg-1)
sid: resolved (fixed in 0.9.13+dfsg-1)
trixie: resolved (fixed in 0.9.13+dfsg-1)
GHSA
GHSA-3xcq-6vjj-wqx7: A divide by zero issue was found to occur in libvncserver-0
ghsa_unreviewed·2022-05-24
CVE-2020-25708 [HIGH] CWE-369 GHSA-3xcq-6vjj-wqx7: A divide by zero issue was found to occur in libvncserver-0
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
OSV
CVE-2020-25708: A divide by zero issue was found to occur in libvncserver-0
osv·2020-11-27·CVSS 7.5
CVE-2020-25708 [HIGH] CVE-2020-25708: A divide by zero issue was found to occur in libvncserver-0
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-11-27