CVE-2020-14403

2020-06-1700:00:00

ubuntu.com

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0.001

Percentile

51.1%

JSON

An issue was discovered in LibVNCServer before 0.9.13.
libvncserver/hextile.c allows out-of-bounds access via encodings.

Notes

Author	Note
mdeslaur	same commit as CVE-2020-14402

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibvncserver< 0.9.11+dfsg-1ubuntu1.3UNKNOWN
ubuntu20.04noarchlibvncserver< 0.9.12+dfsg-9ubuntu0.2UNKNOWN
ubuntu16.04noarchlibvncserver< 0.9.10+dfsg-3ubuntu0.16.04.5UNKNOWN
ubuntu20.04noarchveyon< anyUNKNOWN
ubuntu22.04noarchveyon< anyUNKNOWN
ubuntu24.04noarchveyon< anyUNKNOWN
ubuntu18.04noarchvino< 3.22.0-3ubuntu1.1UNKNOWN
ubuntu20.04noarchvino< 3.22.0-5ubuntu2.1UNKNOWN
ubuntu20.10noarchvino< 3.22.0-6ubuntu2UNKNOWN
ubuntu21.04noarchvino< 3.22.0-6ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	libvncserver	< 0.9.11+dfsg-1ubuntu1.3	UNKNOWN
ubuntu	20.04	noarch	libvncserver	< 0.9.12+dfsg-9ubuntu0.2	UNKNOWN
ubuntu	16.04	noarch	libvncserver	< 0.9.10+dfsg-3ubuntu0.16.04.5	UNKNOWN
ubuntu	20.04	noarch	veyon	< any	UNKNOWN
ubuntu	22.04	noarch	veyon	< any	UNKNOWN
ubuntu	24.04	noarch	veyon	< any	UNKNOWN
ubuntu	18.04	noarch	vino	< 3.22.0-3ubuntu1.1	UNKNOWN
ubuntu	20.04	noarch	vino	< 3.22.0-5ubuntu2.1	UNKNOWN
ubuntu	20.10	noarch	vino	< 3.22.0-6ubuntu2	UNKNOWN
ubuntu	21.04	noarch	vino	< 3.22.0-6ubuntu2	UNKNOWN