Ubuntu update for libvncserver
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2019-20839 CVE-2019-20840 CVE-2020-14396 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405 |
| CWE-ID | CWE-119 CWE-476 CWE-835 CWE-200 CWE-190 CWE-770 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system libvncserver1 (Ubuntu package) Operating systems & Components / Operating system package or component libvncclient1 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU29373
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-20839
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary when processing long socket filename in libvncclient/sockets.c in LibVNCServer. A remote attacker can rick the victim to connect to server using a specially crafted configuration file, trigger buffer overflow and execute arbitrary code on the target system.
Update the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU29372
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-20840
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within hybiReadAndDecode() in libvncserver/ws_decode.c. A remote attacker can create a specially crafted request to the affected LibVNCServer installation and crash the service.
Update the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU29383
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14396
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libvncclient/tls_openssl.c. A remote attacker can trick the victim to connect to a malicious server and perform a denial of service (DoS) attack.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU29382
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-14397
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libvncserver/rfbregion.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Infinite loop
EUVDB-ID: #VU29381
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-14398
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in libvncclient/sockets.c when closing TCP connections. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU29380
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14399
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. A remote authenticated user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU29379
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14400
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. A remote authenticated user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Integer overflow
EUVDB-ID: #VU29378
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-14401
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in libvncserver/scale.c when processing data passed via pixel_value. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU29377
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-14402
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing encodings in libvncserver/corre.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU29376
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-14403
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing encodings in libvncserver/hextile.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU29375
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-14404
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing encodings in libvncserver/rre.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU29374
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-14405
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in libvncclient/rfbproto.c due to LibVNCServer does not limit TextChat size.A remote attacker who controls a malicious VNC server can send large amounts of data to the client application and perform a denial of service (DoS) attack.
Update the affected package libvncserver to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 20.04
libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvncserver1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvncclient1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4434-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
