Division by zero in LibVNCServer

#VU48699 Division by zero in LibVNCServer

Published: 2020-11-27 | Updated: 2020-11-29

Vulnerability identifier: #VU48699

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25708

CWE-ID: CWE-369

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
LibVNCServer
Server applications / Remote management servers, RDP, SSH

Vendor: LibVNC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide by zero error when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. A remote attacker can pass specially crafted file to the application and crash it.

Mitigation
Install update from vendor's website.

Vulnerable software versions

LibVNCServer: 0.9.0 - 0.9.12

External links
http://bugzilla.redhat.com/show_bug.cgi?id=1896739
http://github.com/LibVNC/libvncserver/issues/409
http://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8 update for libvncserver

Division by zero in libvncserver (Alpine package)

Division by zero in LibVNC LibVNCServer