Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2020-25708

Divide By Zero

Published: Nov 27, 2020 | Modified: Oct 29, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-25708
CWEhttps://cwe.mitre.org/data/definitions/369.html

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.

Weakness

The product divides a value by zero.

Affected Software

Name Vendor Start Version End Version
Libvncserver Libvncserver_project 0.9.12 (including) 0.9.12 (including)
Red Hat Enterprise Linux 8 RedHat libvncserver-0:0.9.11-17.el8 *
Italc Ubuntu bionic *
Italc Ubuntu trusty *
Italc Ubuntu xenial *
Libvncserver Ubuntu bionic *
Libvncserver Ubuntu focal *
Libvncserver Ubuntu trusty *
Libvncserver Ubuntu xenial *
Tightvnc Ubuntu bionic *
Tightvnc Ubuntu groovy *
Tightvnc Ubuntu hirsute *
Tightvnc Ubuntu impish *
Tightvnc Ubuntu kinetic *
Tightvnc Ubuntu lunar *
Tightvnc Ubuntu mantic *
Tightvnc Ubuntu trusty *
Tightvnc Ubuntu xenial *
Veyon Ubuntu groovy *
Veyon Ubuntu hirsute *
Veyon Ubuntu impish *
Veyon Ubuntu kinetic *
Veyon Ubuntu lunar *
Veyon Ubuntu mantic *
Vino Ubuntu bionic *
Vino Ubuntu devel *
Vino Ubuntu focal *
Vino Ubuntu groovy *
Vino Ubuntu hirsute *
Vino Ubuntu impish *
Vino Ubuntu jammy *
Vino Ubuntu kinetic *
Vino Ubuntu lunar *
Vino Ubuntu mantic *
Vino Ubuntu noble *
Vino Ubuntu oracular *
Vino Ubuntu trusty *
Vino Ubuntu xenial *
X11vnc Ubuntu bionic *
X11vnc Ubuntu groovy *
X11vnc Ubuntu hirsute *
X11vnc Ubuntu impish *
X11vnc Ubuntu kinetic *
X11vnc Ubuntu lunar *
X11vnc Ubuntu mantic *
X11vnc Ubuntu trusty *
X11vnc Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use