CVE-2020-14398

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-14398
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14398.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-14398
Downstream
Related
Published
2020-06-17T16:15:11Z
Modified
2025-09-19T11:57:07.050536Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

References

Affected packages

Git / github.com/libvnc/libvncserver

Affected ranges

Type
GIT
Repo
https://github.com/libvnc/libvncserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
57433015f856cc12753378254ce4f1c78f5d9c7b

Affected versions

LibVNCServer-0.*

LibVNCServer-0.9.10
LibVNCServer-0.9.11
LibVNCServer-0.9.12
LibVNCServer-0.9.8
LibVNCServer-0.9.9

Other

X11VNC_0_9_10
X11VNC_0_9_11
X11VNC_0_9_12
X11VNC_0_9_7
X11VNC_0_9_8
X11VNC_0_9_9
X11VNC_REL_0_9_4
X11VNC_REL_0_9_5
X11VNC_REL_0_9_6

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "libvncclient/sockets.c"
            },
            "deprecated": false,
            "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
            "digest": {
                "line_hashes": [
                    "324641747666988017107537825977212487921",
                    "23468658264547528270405885375446689429",
                    "314499575584461443646606121383594492402",
                    "306615535104477164525540192538372084840",
                    "14242646121608592095535288825338715475",
                    "280000055704668278136952721231838649105",
                    "77168082287649511464652842806746410799",
                    "210755404642812292529507728767750616110",
                    "5412593350985301690771727771322932537",
                    "224006225380859415254987411028168719488",
                    "162495475645404325950860693104261241117",
                    "208548725558632311365373979711768969454",
                    "210755404642812292529507728767750616110",
                    "96712536681029417621070288510255798803"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2020-14398-475aebc7"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "rfb/rfbclient.h"
            },
            "deprecated": false,
            "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
            "digest": {
                "line_hashes": [
                    "233183713997520342950720743348847311279",
                    "293051295555592082169364195627676632234",
                    "236710258153632713615781603996356999439",
                    "81346176306328477675546311671981257623",
                    "229986401505472749873384896338511608079",
                    "121575258245161325243889731797089498050",
                    "207522311205809133671077703326120694040"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2020-14398-698de838"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "libvncclient/vncviewer.c"
            },
            "deprecated": false,
            "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
            "digest": {
                "line_hashes": [
                    "102909818689610700070936665680561590842",
                    "206285582406680325489952759430085590091",
                    "105327152294886155943177781097700765091",
                    "260389185708839503373468255712311087968"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2020-14398-c26dc7dd"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "libvncclient/vncviewer.c",
                "function": "rfbGetClient"
            },
            "deprecated": false,
            "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
            "digest": {
                "length": 3287.0,
                "function_hash": "254707495691174405563156847212044692456"
            },
            "signature_type": "Function",
            "id": "CVE-2020-14398-c3c16db2"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "libvncclient/sockets.c",
                "function": "ReadFromRFBServer"
            },
            "deprecated": false,
            "source": "https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b",
            "digest": {
                "length": 3425.0,
                "function_hash": "54417766686695289676091539773525012280"
            },
            "signature_type": "Function",
            "id": "CVE-2020-14398-d84cf98c"
        }
    ]
}