Vulnerability CVE-2020-14396: Information
Description
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libvncserver | sisyphus | 0.9.13-alt1 | 0.9.14-alt1 | ALT-PU-2020-2671-1 | 256807 | Fixed |
libvncserver | p10 | 0.9.13-alt1 | 0.9.14-alt1 | ALT-PU-2020-2671-1 | 256807 | Fixed |
libvncserver | p9 | 0.9.13-alt1 | 0.9.13-alt1 | ALT-PU-2020-2694-1 | 256808 | Fixed |
libvncserver | c10f1 | 0.9.13-alt1 | 0.9.13-alt3 | ALT-PU-2020-2671-1 | 256807 | Fixed |
libvncserver | c9f2 | 0.9.13-alt1 | 0.9.13-alt3 | ALT-PU-2020-2694-1 | 256808 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 |
|
https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553 |
|
USN-4434-1 |
|
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf |
|