CVE-2020-14397

Опубликовано: 17 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html
Mailing List
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
Patch
Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
Patch
Third Party Advisory
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4434-1/
Third Party Advisory
https://usn.ubuntu.com/4573-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html
Mailing List
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
Patch
Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
Patch
Third Party Advisory
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4434-1/
Third Party Advisory
https://usn.ubuntu.com/4573-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*

Версия до 0.9.12 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*