CVE-2024-42458

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42458
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42458.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42458
Downstream
Related
Published
2024-08-02T04:17:30Z
Modified
2025-10-17T09:45:19.523641Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.

References

Affected packages

Git / github.com/any1/neatvnc

Affected ranges

Type
GIT
Repo
https://github.com/any1/neatvnc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
07081567ab21a2b099ceb41ae8cab872a31cbb9a
Fixed
cc71650a69abc2573a0d96d082409d2468802d47

Affected versions

v0.*

v0.1.0
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.8.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 1326.0,
            "function_hash": "177093505229075475054067283833337536188"
        },
        "target": {
            "file": "src/server.c",
            "function": "on_security_message"
        },
        "deprecated": false,
        "id": "CVE-2024-42458-37b49594",
        "signature_version": "v1",
        "source": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47",
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
                "200098592619688431724244195650262786678",
                "144228641064411576131650050954511004366",
                "183911694421453457253313999136612274167",
                "170759805172700855501497848521799265206",
                "87507555924181498260665001313393276748",
                "87954626211445888233932014829995727637"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "include/common.h"
        },
        "deprecated": false,
        "id": "CVE-2024-42458-77da223b",
        "signature_version": "v1",
        "source": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47",
        "signature_type": "Line"
    },
    {
        "digest": {
            "line_hashes": [
                "116397549654112421895184219694387725319",
                "291491629912089104801587928977922092367",
                "179658671166173521842555626810812300289",
                "190788148107075586680848452741085485731",
                "258354025704475345109660124721000824913",
                "88520262839988445052408863643330680338",
                "188365841523380379104842004687830880870",
                "62384184642766121171516911098611337807",
                "282515672572871820002721126284246074631",
                "179344375336408240027781529292516663437",
                "108438947948451365429997329018576427029",
                "2516145889348624230041671170861593111",
                "113008244467817715751621795327110147215",
                "40703007367238018091268701668855572261",
                "296533334045544714712958552393323366296",
                "29670061075379394938088072672465740027",
                "333150662724344390665642254924037761784",
                "83298109900166621105143751640136616526",
                "99235920556425326115875890182662326506",
                "230186620613666518510337367638128180686",
                "58155029186732881545137002545936765097",
                "260237335070883203550454062202582643763",
                "79036384539945454788470706257893013269",
                "97457523367835598605401025780944312413",
                "133830568517158231961661961147627179095",
                "40900684370585588941382221035285223983",
                "182046767358639177198892741438715194405",
                "55682409739262188225016225419153055905",
                "161134425231511639227997003166180348384",
                "52552116556938751488668223009677987053",
                "111963728793586557121189555397295030028",
                "300748046111620904357982509986286920155",
                "254794534161181567964057584526264317507",
                "243439128627104443398333559590013725521",
                "21640817194794217698819312358465188814",
                "11139996644220509490422354272936323937",
                "214333312701199870983978821349645115232",
                "254026792095853284181597494359682393668",
                "306341792209616042362648658775593681821",
                "70288545804586184467975987293964921850",
                "335176492552698187799765606722898885204",
                "268156426710849312707269681081677955002",
                "177470389489714847230489110881761987281",
                "221765549898772626495465572500792132290",
                "338714449571749727301608760428978288766"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/server.c"
        },
        "deprecated": false,
        "id": "CVE-2024-42458-cd5fa8e6",
        "signature_version": "v1",
        "source": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47",
        "signature_type": "Line"
    },
    {
        "digest": {
            "length": 1242.0,
            "function_hash": "332960609464506991215342751023859634233"
        },
        "target": {
            "file": "src/server.c",
            "function": "on_version_message"
        },
        "deprecated": false,
        "id": "CVE-2024-42458-f57d1db6",
        "signature_version": "v1",
        "source": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47",
        "signature_type": "Function"
    }
]