CVE-2019-20839

EPSS 4.08%
Published 17.06.2020 16:15:11
Last modified 21.11.2024 04:39:30
Source cve@mitre.org
Teams watchlist Login
Open Login

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Libvnc Project ≫ Libvncserver Version <= 0.9.12

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Siemens ≫ Simatic Itc1500 Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc1500 Version-

Siemens ≫ Simatic Itc1500 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc1500 Pro Version-

Siemens ≫ Simatic Itc1900 Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc1900 Version-

Siemens ≫ Simatic Itc1900 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc1900 Pro Version-

Siemens ≫ Simatic Itc2200 Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc2200 Version-

Siemens ≫ Simatic Itc2200 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc2200 Pro Version-

Opensuse ≫ Leap Version15.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.08%	0.881

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

Patch

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html

Third Party Advisory

Mailing List

https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

Third Party Advisory

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/

https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4434-1/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-20839

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-20839

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-20839

EUVD