SB2020070626 - Fedora 31 update for libvncserver

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020070626

SB2020070626 - Fedora 31 update for libvncserver

Published: July 6, 2020 Updated: April 25, 2025

Security Bulletin ID SB2020070626
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2019-20839)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary when processing long socket filename in libvncclient/sockets.c in LibVNCServer. A remote attacker can rick the victim to connect to server using a specially crafted configuration file, trigger buffer overflow and execute arbitrary code on the target system.


2) Memory leak (CVE-ID: CVE-2018-21247)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak within the ConnectToRFBRepeater() function in  libvncclient/rfbproto.c. A remote attacker can trick the victim to connect to a malicious VNC server, trigger the memory leak and gain access to sensitive information on the client's system.


3) Out-of-bounds write (CVE-ID: CVE-2017-18922)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.


Remediation

Install update from vendor's website.

References