An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html | Issue Tracking Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf | Patch Third Party Advisory |
https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff | Patch Third Party Advisory |
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/4434-1/ | Third Party Advisory |
https://usn.ubuntu.com/4573-1/ | Third Party Advisory |
History
09 Mar 2022, 22:56
Type | Values Removed | Values Added |
---|---|---|
First Time |
Siemens simatic Itc2200
Siemens simatic Itc2200 Pro Firmware Siemens Siemens simatic Itc1900 Pro Siemens simatic Itc1500 Libvnc Project Siemens simatic Itc1900 Siemens simatic Itc2200 Pro Canonical ubuntu Linux Siemens simatic Itc1900 Firmware Siemens simatic Itc1900 Pro Firmware Siemens simatic Itc1500 Pro Firmware Siemens simatic Itc2200 Firmware Siemens simatic Itc1500 Firmware Canonical Libvnc Project libvncserver Siemens simatic Itc1500 Pro |
|
CPE | cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
CWE | CWE-125 |
CWE-787 |
References | (UBUNTU) https://usn.ubuntu.com/4573-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf - Patch, Third Party Advisory |
14 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-670 CWE-125 |
|
References |
|
Information
Published : 2020-06-17 16:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-14402
Mitre link : CVE-2020-14402
CVE.ORG link : CVE-2020-14402
Products Affected
siemens
- simatic_itc1500_pro
- simatic_itc1900_firmware
- simatic_itc1900
- simatic_itc1900_pro
- simatic_itc1500_pro_firmware
- simatic_itc2200_pro_firmware
- simatic_itc1900_pro_firmware
- simatic_itc2200
- simatic_itc2200_firmware
- simatic_itc2200_pro
- simatic_itc1500_firmware
- simatic_itc1500
libvnc_project
- libvncserver
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-787
Out-of-bounds Write