CVE-2020-14398

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-14398
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14398.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-14398
Downstream
Related
Published
2020-06-17T16:15:11.837Z
Modified
2025-11-14T10:44:02.427473Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

References

Affected packages

Git / github.com/libvnc/libvncserver

Affected ranges

Type
GIT
Repo
https://github.com/libvnc/libvncserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
57433015f856cc12753378254ce4f1c78f5d9c7b

Affected versions

LibVNCServer-0.*

LibVNCServer-0.9.10
LibVNCServer-0.9.11
LibVNCServer-0.9.12
LibVNCServer-0.9.8
LibVNCServer-0.9.9

Other

X11VNC_0_9_10
X11VNC_0_9_11
X11VNC_0_9_12
X11VNC_0_9_7
X11VNC_0_9_8
X11VNC_0_9_9
X11VNC_REL_0_9_4
X11VNC_REL_0_9_5
X11VNC_REL_0_9_6

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "324641747666988017107537825977212487921",
                "23468658264547528270405885375446689429",
                "314499575584461443646606121383594492402",
                "306615535104477164525540192538372084840",
                "14242646121608592095535288825338715475",
                "280000055704668278136952721231838649105",
                "77168082287649511464652842806746410799",
                "210755404642812292529507728767750616110",
                "5412593350985301690771727771322932537",
                "224006225380859415254987411028168719488",
                "162495475645404325950860693104261241117",
                "208548725558632311365373979711768969454",
                "210755404642812292529507728767750616110",
                "96712536681029417621070288510255798803"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "libvncclient/sockets.c"
        },
        "deprecated": false,
        "id": "CVE-2020-14398-475aebc7",
        "signature_version": "v1",
        "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
        "signature_type": "Line"
    },
    {
        "digest": {
            "line_hashes": [
                "233183713997520342950720743348847311279",
                "293051295555592082169364195627676632234",
                "236710258153632713615781603996356999439",
                "81346176306328477675546311671981257623",
                "229986401505472749873384896338511608079",
                "121575258245161325243889731797089498050",
                "207522311205809133671077703326120694040"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "rfb/rfbclient.h"
        },
        "deprecated": false,
        "id": "CVE-2020-14398-698de838",
        "signature_version": "v1",
        "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
        "signature_type": "Line"
    },
    {
        "digest": {
            "line_hashes": [
                "102909818689610700070936665680561590842",
                "206285582406680325489952759430085590091",
                "105327152294886155943177781097700765091",
                "260389185708839503373468255712311087968"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "libvncclient/vncviewer.c"
        },
        "deprecated": false,
        "id": "CVE-2020-14398-c26dc7dd",
        "signature_version": "v1",
        "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
        "signature_type": "Line"
    },
    {
        "digest": {
            "length": 3287.0,
            "function_hash": "254707495691174405563156847212044692456"
        },
        "target": {
            "file": "libvncclient/vncviewer.c",
            "function": "rfbGetClient"
        },
        "deprecated": false,
        "id": "CVE-2020-14398-c3c16db2",
        "signature_version": "v1",
        "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 3425.0,
            "function_hash": "54417766686695289676091539773525012280"
        },
        "target": {
            "file": "libvncclient/sockets.c",
            "function": "ReadFromRFBServer"
        },
        "deprecated": false,
        "id": "CVE-2020-14398-d84cf98c",
        "signature_version": "v1",
        "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
        "signature_type": "Function"
    }
]