CVE Vulnerabilities

CVE-2020-14400

Published: Jun 17, 2020 | Modified: May 17, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N
Ubuntu
MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary

Affected Software

Name Vendor Start Version End Version
Libvncserver Libvncserver_project * 0.9.13 (excluding)
Libvncserver Ubuntu bionic *
Libvncserver Ubuntu eoan *
Libvncserver Ubuntu focal *
Libvncserver Ubuntu trusty *
Libvncserver Ubuntu xenial *
Veyon Ubuntu eoan *
Veyon Ubuntu groovy *
Veyon Ubuntu hirsute *
Veyon Ubuntu impish *
Veyon Ubuntu kinetic *
Veyon Ubuntu lunar *
Veyon Ubuntu mantic *
X11vnc Ubuntu bionic *
X11vnc Ubuntu eoan *
X11vnc Ubuntu groovy *
X11vnc Ubuntu hirsute *
X11vnc Ubuntu impish *
X11vnc Ubuntu kinetic *
X11vnc Ubuntu lunar *
X11vnc Ubuntu mantic *
X11vnc Ubuntu trusty *
X11vnc Ubuntu xenial *

References