CVE-2020-14402

Published: 17 June 2020

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.

Priority

CVSS 3 base score: 5.4

Status

Package	Release	Status
libvncserver Launchpad, Ubuntu, Debian	bionic	Released (0.9.11+dfsg-1ubuntu1.3)
	eoan	Ignored (reached end-of-life)
	focal	Released (0.9.12+dfsg-9ubuntu0.2)
	groovy	Not vulnerable (0.9.13+dfsg-1)
	hirsute	Not vulnerable (0.9.13+dfsg-1)
	impish	Not vulnerable (0.9.13+dfsg-1)
	jammy	Not vulnerable (0.9.13+dfsg-1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Released (0.9.10+dfsg-3ubuntu0.16.04.5)
	Patches: upstream: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
veyon Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needs triage
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
vino Launchpad, Ubuntu, Debian	bionic	Released (3.22.0-3ubuntu1.1)
	focal	Released (3.22.0-5ubuntu2.1)
	groovy	Released (3.22.0-6ubuntu2)
	hirsute	Released (3.22.0-6ubuntu2)
	impish	Released (3.22.0-6ubuntu2)
	jammy	Released (3.22.0-6ubuntu2)
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Released (3.8.1-0ubuntu9.3)
x11vnc Launchpad, Ubuntu, Debian	bionic	Needs triage
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needs triage
	precise	Does not exist
	trusty	Needs triage
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)