CVE-2019-20839

Published: 17 June 2020

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

Priority

7.5

Package	Release	Status
libvncserver Launchpad, Ubuntu, Debian	upstream	Needs triage
	trusty	Does not exist
	xenial	Released (0.9.10+dfsg-3ubuntu0.16.04.5)
	bionic	Released (0.9.11+dfsg-1ubuntu1.3)
	eoan	Ignored (end of life)
	impish	Not vulnerable (0.9.13+dfsg-1)
	focal	Released (0.9.12+dfsg-9ubuntu0.2)
	groovy	Not vulnerable (0.9.13+dfsg-1)
	jammy	Not vulnerable (0.9.13+dfsg-1)
	hirsute	Not vulnerable (0.9.13+dfsg-1)
	kinetic	Not vulnerable (0.9.13+dfsg-1)
	lunar	Not vulnerable (0.9.13+dfsg-1)
	Patches: upstream: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
x11vnc Launchpad, Ubuntu, Debian	upstream	Needs triage
	trusty	Needs triage
	bionic	Needs triage
	eoan	Ignored (end of life)
	focal	Needs triage
	impish	Ignored (end of life)
	hirsute	Ignored (end of life)
	groovy	Ignored (end of life)
	kinetic	Ignored (end of life, was needs-triage)
	xenial	Needs triage
	jammy	Needs triage
	lunar	Needs triage
veyon Launchpad, Ubuntu, Debian	upstream	Needs triage
	trusty	Does not exist
	xenial	Does not exist
	bionic	Does not exist
	eoan	Ignored (end of life)
	focal	Needs triage
	impish	Ignored (end of life)
	hirsute	Ignored (end of life)
	groovy	Ignored (end of life)
	kinetic	Ignored (end of life, was needs-triage)
	jammy	Needs triage
	lunar	Needs triage

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.