CVE-2024-42458

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42458

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42458.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-42458

Downstream

UBUNTU-CVE-2024-42458

openSUSE-SU-2024:14238-1

Related

openSUSE-SU-2024:14238-1

Published

2024-08-02T04:17:30Z

Modified

2025-09-16T07:36:59.584002Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.

References

Affected packages

Debian:12 / neatvnc

Package

Name: neatvnc
Purl: pkg:deb/debian/neatvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.4+dfsg-1

0.5.4+dfsg-2~exp1

0.6.0+dfsg-1

0.6.0+dfsg-2

0.6.0+dfsg-3

0.6.0+dfsg-4

0.7.0+dfsg-1~exp1

0.7.0+dfsg-1

0.7.1+dfsg-1

0.7.1+dfsg-2

0.8.0+dfsg-1

0.8.0+dfsg-2

0.8.0+dfsg-3

0.9.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / neatvnc

Package

Name: neatvnc
Purl: pkg:deb/debian/neatvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / neatvnc

Package

Name: neatvnc
Purl: pkg:deb/debian/neatvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/any1/neatvnc

Affected ranges

Type: GIT
Repo: https://github.com/any1/neatvnc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

07081567ab21a2b099ceb41ae8cab872a31cbb9a

Fixed

cc71650a69abc2573a0d96d082409d2468802d47

Affected versions

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.4.0

v0.5.0

v0.5.1

v0.6.0

v0.8.0

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "177093505229075475054067283833337536188",
                "length": 1326.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47",
            "id": "CVE-2024-42458-37b49594",
            "target": {
                "file": "src/server.c",
                "function": "on_security_message"
            }
        },
        {
            "digest": {
                "line_hashes": [
                    "200098592619688431724244195650262786678",
                    "144228641064411576131650050954511004366",
                    "183911694421453457253313999136612274167",
                    "170759805172700855501497848521799265206",
                    "87507555924181498260665001313393276748",
                    "87954626211445888233932014829995727637"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47",
            "id": "CVE-2024-42458-77da223b",
            "target": {
                "file": "include/common.h"
            }
        },
        {
            "digest": {
                "line_hashes": [
                    "116397549654112421895184219694387725319",
                    "291491629912089104801587928977922092367",
                    "179658671166173521842555626810812300289",
                    "190788148107075586680848452741085485731",
                    "258354025704475345109660124721000824913",
                    "88520262839988445052408863643330680338",
                    "188365841523380379104842004687830880870",
                    "62384184642766121171516911098611337807",
                    "282515672572871820002721126284246074631",
                    "179344375336408240027781529292516663437",
                    "108438947948451365429997329018576427029",
                    "2516145889348624230041671170861593111",
                    "113008244467817715751621795327110147215",
                    "40703007367238018091268701668855572261",
                    "296533334045544714712958552393323366296",
                    "29670061075379394938088072672465740027",
                    "333150662724344390665642254924037761784",
                    "83298109900166621105143751640136616526",
                    "99235920556425326115875890182662326506",
                    "230186620613666518510337367638128180686",
                    "58155029186732881545137002545936765097",
                    "260237335070883203550454062202582643763",
                    "79036384539945454788470706257893013269",
                    "97457523367835598605401025780944312413",
                    "133830568517158231961661961147627179095",
                    "40900684370585588941382221035285223983",
                    "182046767358639177198892741438715194405",
                    "55682409739262188225016225419153055905",
                    "161134425231511639227997003166180348384",
                    "52552116556938751488668223009677987053",
                    "111963728793586557121189555397295030028",
                    "300748046111620904357982509986286920155",
                    "254794534161181567964057584526264317507",
                    "243439128627104443398333559590013725521",
                    "21640817194794217698819312358465188814",
                    "11139996644220509490422354272936323937",
                    "214333312701199870983978821349645115232",
                    "254026792095853284181597494359682393668",
                    "306341792209616042362648658775593681821",
                    "70288545804586184467975987293964921850",
                    "335176492552698187799765606722898885204",
                    "268156426710849312707269681081677955002",
                    "177470389489714847230489110881761987281",
                    "221765549898772626495465572500792132290",
                    "338714449571749727301608760428978288766"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47",
            "id": "CVE-2024-42458-cd5fa8e6",
            "target": {
                "file": "src/server.c"
            }
        },
        {
            "digest": {
                "function_hash": "332960609464506991215342751023859634233",
                "length": 1242.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47",
            "id": "CVE-2024-42458-f57d1db6",
            "target": {
                "file": "src/server.c",
                "function": "on_version_message"
            }
        }
    ]
}