CVE-2020-14397
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-14397
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14397.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-14397
- Downstream
- Related
- Published
- 2020-06-17T16:15:11Z
- Modified
- 2025-10-15T11:56:33.335429Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
- https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
- https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13
- https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html
- https://usn.ubuntu.com/4434-1/
- https://usn.ubuntu.com/4573-1/
Affected packages
Git / github.com/libvnc/libvncserver
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libvnc/libvncserver
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
LibVNCServer-0.*
LibVNCServer-0.9.10
LibVNCServer-0.9.11
LibVNCServer-0.9.12
LibVNCServer-0.9.8
LibVNCServer-0.9.9
Other
X11VNC_0_9_10
X11VNC_0_9_11
X11VNC_0_9_12
X11VNC_0_9_7
X11VNC_0_9_8
X11VNC_0_9_9
X11VNC_REL_0_9_4
X11VNC_REL_0_9_5
X11VNC_REL_0_9_6
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"id": "CVE-2020-14397-57138274",
"source": "https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0",
"digest": {
"length": 564.0,
"function_hash": "297202612131400419264101244022029335570"
},
"deprecated": false,
"target": {
"function": "rfbClientIteratorNext",
"file": "libvncserver/rfbserver.c"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2020-14397-62fecc1c",
"source": "https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0",
"digest": {
"length": 129.0,
"function_hash": "35943597304556728290599649561873686848"
},
"deprecated": false,
"target": {
"function": "sraSpanRemove",
"file": "libvncserver/rfbregion.c"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2020-14397-7db584a1",
"source": "https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0",
"digest": {
"length": 177.0,
"function_hash": "13375577804589520980869365028992005452"
},
"deprecated": false,
"target": {
"function": "sraSpanInsertBefore",
"file": "libvncserver/rfbregion.c"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2020-14397-b286e04f",
"source": "https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0",
"digest": {
"length": 177.0,
"function_hash": "308180803968003756632479985064601731480"
},
"deprecated": false,
"target": {
"function": "sraSpanInsertAfter",
"file": "libvncserver/rfbregion.c"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2020-14397-c6e68006",
"source": "https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0",
"digest": {
"line_hashes": [
"129789622784888703049761371788375090829",
"192021373110556373924439968139735438884",
"61072920218535349534747548085317793870",
"290028638275504518166892205271637573622",
"309529031156275530272242272036928506489",
"63814239015190438186515325761625769582",
"305345191105789934771957096566624699162",
"164856137291477852452065722557293518470",
"258276280196864558935373940393721172142",
"260530719255116134297278517836890348386",
"219211903808393606215952572397156439919",
"164379770128048257586355656012362062922",
"49864376157076557018843636422687187024",
"326415775950170687086498577993376834425",
"176015776013475282985826867223578781969",
"188226683699824686304425512567088681309",
"87338811101464322177305173082397686098",
"338038670024466485237077130119798763896",
"200654883490875339150761829742367690988"
],
"threshold": 0.9
},
"deprecated": false,
"target": {
"file": "libvncserver/rfbregion.c"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2020-14397-dcee1ebf",
"source": "https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0",
"digest": {
"line_hashes": [
"188611924461224704302489486341034162652",
"45100662802048171843781279201327666989",
"228183687346468758546468784391674645379",
"112246271884870165818073004635834463683",
"322962774470696617483175220566020184863",
"276446598387385854228408982083396903462",
"318670290681636359680857980044567325665",
"28880945584438269491008089576739099616"
],
"threshold": 0.9
},
"deprecated": false,
"target": {
"file": "libvncserver/rfbserver.c"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2020-14397-ddcdae11",
"source": "https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0",
"digest": {
"length": 105.0,
"function_hash": "57427340694778193739664377224873694190"
},
"deprecated": false,
"target": {
"function": "rfbReleaseClientIterator",
"file": "libvncserver/rfbserver.c"
},
"signature_type": "Function"
}
]