CVE-2020-14405

EPSS 1.45%
Veröffentlicht 17.06.2020 16:15:12
Zuletzt bearbeitet 21.11.2024 05:03:12
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libvnc Project ≫ Libvncserver Version < 0.9.12

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Siemens ≫ Simatic Itc1500 Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc1500 Version-

Siemens ≫ Simatic Itc1500 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc1500 Pro Version-

Siemens ≫ Simatic Itc1900 Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc1900 Version-

Siemens ≫ Simatic Itc1900 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc1900 Pro Version-

Siemens ≫ Simatic Itc2200 Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc2200 Version-

Siemens ≫ Simatic Itc2200 Pro Firmware Version >= 3.0.0.0 < 3.2.1.0

Siemens ≫ Simatic Itc2200 Pro Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.45%	0.802

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

Patch

Third Party Advisory

https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

Third Party Advisory

Release Notes

https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4434-1/

Third Party Advisory

https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-14405

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14405

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14405

EUVD