CVE-2020-14401

nvd nist

Published: Jun 17, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.

Affected (11)

Products: Libvncserver Project: Libvncserver · Debian: Debian Linux · Opensuse: Leap · +1 more

Show all products

Libvncserver Project: Libvncserver · Debian: Debian Linux · Opensuse: Leap · Siemens: Simatic Itc1500 Firmware, Simatic Itc1500 Pro Firmware, Simatic Itc1900 Firmware, Simatic Itc1900 Pro Firmware, Simatic Itc2200 Firmware, Simatic Itc2200 Pro Firmware

1 product

1 product

1 product

6 products

Simatic Itc1500 Firmware

Simatic Itc1500 Pro Firmware

Simatic Itc1900 Firmware

Simatic Itc1900 Pro Firmware

Simatic Itc2200 Firmware

Simatic Itc2200 Pro Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libvncserver Project Libvncserver	Before 0.9.13

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Itc1500 Firmware	From 3.0.0.0 to 3.2.1.0

Running on/with	Platform Versions
Siemens Simatic Itc1500	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Itc1500 Pro Firmware	From 3.0.0.0 to 3.2.1.0

Running on/with	Platform Versions
Siemens Simatic Itc1500 Pro	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Itc1900 Firmware	From 3.0.0.0 to 3.2.1.0

Running on/with	Platform Versions
Siemens Simatic Itc1900	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Itc1900 Pro Firmware	From 3.0.0.0 to 3.2.1.0

Running on/with	Platform Versions
Siemens Simatic Itc1900 Pro	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Itc2200 Firmware	From 3.0.0.0 to 3.2.1.0

Running on/with	Platform Versions
Siemens Simatic Itc2200	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Itc2200 Pro Firmware	From 3.0.0.0 to 3.2.1.0

Running on/with	Platform Versions
Siemens Simatic Itc2200 Pro	All versions

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

Source: cve@mitre.org

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4434-1/

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4434-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.