CVE-2020-14397

7.5 HIGH

📋 TL;DR

CVE-2020-14397 is a NULL pointer dereference in LibVNCServer's region-handling code (libvncserver/rfbregion.c). A VNC client that sends crafted protocol messages can make the server process dereference a NULL pointer and crash; this is a denial of service, and every session served by that process is dropped with it. Any application that embeds a vulnerable LibVNCServer to provide VNC server functionality is affected.

💻 Affected Systems

Products:
  • LibVNCServer
  • Any software using LibVNCServer library
Versions: All versions before 0.9.13
Operating Systems: Linux, other Unix-like systems, Windows (when the VNC server application is built against LibVNCServer)
Default Config Vulnerable: ⚠️ Yes
Notes: Only the server side is affected. Applications that use only LibVNCClient (the client library from the same project) are not affected by this issue.

📦 What is this software?

LibVNCServer is a cross-platform C library that implements the server side of the RFB (VNC) remote-framebuffer protocol; the same project ships LibVNCClient for the client side. Applications embed it to expose a desktop or framebuffer over VNC (x11vnc and KDE's krfb are well-known users), so the vulnerable code runs inside whichever application links the library, and a fix has to reach that application's copy of it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service: the VNC server process crashes and every connected session is dropped, and an attacker who can reach the port can repeat the trigger to keep the service down. A NULL pointer dereference faults on every mainstream platform rather than executing attacker-controlled data, so remote code execution is not a realistic outcome of this bug; treat it as an availability issue.

🟠

Likely Case

The VNC server process crashes and either restarts (if supervised) or stays down until someone intervenes, interrupting remote access to the host.

🟢

If Mitigated

Minimal impact if proper network segmentation and access controls prevent unauthorized VNC connections.

🌐 Internet-Facing: MEDIUM - VNC servers exposed to the internet could be crashed by attackers, but exploitation requires network access to VNC port.
🏢 Internal Only: LOW - Internal attackers with network access could crash VNC services, but impact is limited to denial of service.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation consists of sending crafted VNC protocol messages to the vulnerable server over the network; no local access or user interaction is involved. Whether an attacker must first pass VNC authentication depends on how the embedding application configures it: LibVNCServer only advertises VNC authentication when the application supplies password data, so a server left without a password is reachable by anyone who can connect to the port.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.9.13 and later

Fix commit: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0

Restart Required: Yes (the library is loaded into the VNC server process; a running process keeps executing the old code until it is restarted)

Instructions:

1. Update LibVNCServer to version 0.9.13 or later, or to a distribution package that carries the fix for CVE-2020-14397.
2. Rebuild and redeploy any application that links LibVNCServer statically or bundles its own copy; dynamically linked applications pick up the new shared object without a rebuild.
3. Restart every VNC server process so it loads the patched library.

🔧 Temporary Workarounds

Network Access Control

Platform: Linux

Restrict the VNC port range to trusted source networks. The rules below are inserted at the top of the INPUT chain so that an earlier broad ACCEPT cannot shadow the DROP; replace trusted_network with the permitted CIDR, adjust the port range to the displays actually in use (LibVNCServer listens on 5900 + display number by default), add matching ip6tables rules if the host has IPv6, and persist the rules with your distribution's iptables-save mechanism.

# trusted_network: the CIDR allowed to reach VNC, e.g. a management subnet
iptables -I INPUT 1 -p tcp --dport 5900:5910 -s trusted_network -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 5900:5910 -j DROP

VNC Authentication Enforcement

Platform: All

Require authentication for every VNC connection. LibVNCServer advertises VNC authentication only when the embedding application supplies password data; with none configured the server accepts unauthenticated clients, so check the application's own setting (for example x11vnc's -rfbauth or -passwd options). Classic VNC password authentication is weak (8 significant characters, DES-based challenge-response) and only narrows who can reach the trigger path; it does not remove the bug. Treat it as defence in depth alongside network controls or a VPN/SSH tunnel.

🧯 If You Can't Patch

  • Implement strict network segmentation so VNC servers are reachable only from trusted management networks, a VPN, or an SSH tunnel
  • Run the VNC server under a supervisor that restarts it on failure (for example systemd Restart=on-failure) so a crash is an interruption rather than an outage, and alert on those restarts
  • Deploy intrusion detection/prevention with RFB protocol decoding to flag malformed VNC messages and repeated short-lived connections from one source

🔍 How to Verify

Check if Vulnerable:

Find out which LibVNCServer build the VNC server actually loads. For a dynamically linked server, ldd /path/to/vncserver | grep -i vnc shows the shared object it resolves (for example libvncserver.so.1), and that path is what to map to an installed package. Statically linked or bundled copies, common in appliances and third-party remote-access tools, do not appear in ldd output and must be checked against the vendor's release notes.

Check Version:

dpkg -l 'libvncserver*' or rpm -qa 'libvncserver*' for the package version; pkg-config --modversion libvncserver if the development package is installed; libvncserver-config --version on older autotools-based installs where that script exists.

Verify Fix Applied:

Confirm the upstream version is 0.9.13 or later. Distribution packages often backport the fix without bumping the upstream version string (a 0.9.12-based package with a security errata release is typical), so a version below 0.9.13 is not by itself proof of vulnerability: check the package changelog (apt-get changelog libvncserver1 on Debian-based systems, rpm -q --changelog libvncserver | grep CVE-2020-14397 on RPM-based ones) or the distribution's security tracker for CVE-2020-14397. Then restart every VNC server process so it loads the new library.
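The following script is an added example for this page, not LibVNCServer project code. It reduces distribution package version strings (epoch, +dfsg suffix, -release) to the upstream dotted version and classifies each against the 0.9.13 fix release, then enumerates installed packages through whichever package manager is present. The libvncserver* package glob and the libvncserver pkg-config module name are assumptions about common packaging, and the backport caveat above still applies: a "vulnerable" verdict is a prompt to check the vendor changelog, not a confirmation.

```shell
#!/bin/sh
# Added example (not LibVNCServer project code): classify installed LibVNCServer
# versions against the CVE-2020-14397 fix release. POSIX sh; needs only sed and
# whichever package manager the host has.

FIXED_VERSION="0.9.13"

# Reduce a distro version string to the upstream dotted version:
#   "1:0.9.12+dfsg-9ubuntu0.3" -> "0.9.12", "0.9.11-1.el7" -> "0.9.11"
upstream_version() {
    printf '%s\n' "$1" | sed -E 's/^[0-9]+://; s/^([0-9]+(\.[0-9]+)*).*/\1/'
}

# Compare two dotted versions field by field, numerically. Prints lt, eq or gt.
# Missing trailing fields count as 0, so "0.9" compares equal to "0.9.0".
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo lt; return; fi
        if [ "$x" -gt "$y" ]; then echo gt; return; fi
    done
    echo eq
}

# "fixed" when the upstream version is 0.9.13 or later, otherwise "vulnerable".
classify_version() {
    v=$(upstream_version "$1")
    case $(vercmp "$v" "$FIXED_VERSION") in
        lt) echo vulnerable ;;
        *)  echo fixed ;;
    esac
}

# Enumerate installed libvncserver packages via whatever package manager exists
# and print "<package> <version> <verdict>" per line. The libvncserver* glob and
# the pkg-config module name are assumptions about common packaging.
check_installed() {
    {
        if command -v dpkg-query >/dev/null 2>&1; then
            dpkg-query -W -f='${Package} ${Version}\n' 'libvncserver*' 2>/dev/null
        elif command -v rpm >/dev/null 2>&1; then
            rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'libvncserver*'
        elif command -v pkg-config >/dev/null 2>&1; then
            pkg-config --modversion libvncserver 2>/dev/null | sed 's/^/libvncserver /'
        fi
    } | while read -r pkg ver; do
        printf '%s %s %s\n' "$pkg" "$ver" "$(classify_version "$ver")"
    done
}

# Usage: ./check_libvnc.sh                                  (inspect this host)
#        ./check_libvnc.sh 0.9.12+dfsg-9ubuntu0.3 0.9.13    (classify given strings)
if [ "$#" -gt 0 ]; then
    for v in "$@"; do
        printf '%s %s\n' "$v" "$(classify_version "$v")"
    done
else
    check_installed
fi
```

The version comparison is done numerically field by field rather than with string comparison, so 0.10 sorts after 0.9.13; the reduction step is what makes distro strings such as 0.9.12+dfsg-9ubuntu0.3 comparable at all.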

📡 Detection & Monitoring

Log Indicators:

  • Kernel segfault messages for the VNC server process that name libvncserver.so and report a fault address at or near zero (for example "x11vnc[2231]: segfault at 0 ip ... error 4 in libvncserver.so.1..."), which is the signature of a NULL pointer dereference
  • Service manager records of the process being killed by SIGSEGV (systemd: "Main process exited, code=killed, status=11/SEGV") followed by automatic restarts
  • Core dumps for the VNC server process (coredumpctl list on systemd hosts)

Network Indicators:

  • Connections to the VNC port that end within moments of a server crash, especially repeated ones from the same source
  • Many short-lived connection attempts to VNC ports from a single source
  • RFB messages that fail protocol decoding in an IDS/IPS that understands VNC

SIEM Query:

Pseudo-query; field names depend on the SIEM and log source, and the two clauses must be grouped explicitly, since AND binds tighter than OR in most query languages:

(source="vnc.log" AND (error OR crash OR segfault)) OR (destination_port=5900 AND protocol_anomaly=true)
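As an added detection example (not from the original page or the LibVNCServer project), the shell function below reads syslog/journal text and counts libvncserver segfaults, SIGSEGV exits, and restarts, flags faults whose address lies in the first 64 KiB as NULL-dereference-shaped, and attributes each crash to the client that connected most recently. The sample log lines are constructed for the example: the kernel segfault and systemd line formats are real, the "Got connection from client" line assumes an x11vnc-style server log, and the hostname, PIDs, and addresses are placeholders.

```shell
#!/bin/sh
# Added example (not LibVNCServer project code): summarise VNC-server crash
# evidence from syslog/journal text. Usage on a live host:
#   journalctl -b -o short | vnc_crash_summary
vnc_crash_summary() {
    awk '
        # x11vnc-style connection log line (assumed format); remember the last peer.
        /Got connection from client/ { last_client = $NF }

        # Kernel segfault report naming libvncserver.so, e.g.
        # "x11vnc[2231]: segfault at 0 ip ... error 4 in libvncserver.so.1.0.0[...]"
        /segfault at/ && /libvncserver/ {
            segfaults++
            for (i = 1; i <= NF; i++) if ($i == "at") { addr = $(i + 1); break }
            # Fault address below 0x10000 (at most 4 hex digits): NULL or NULL+small offset.
            if (length(addr) <= 4) null_deref++
            if (last_client != "") suspects[last_client]++
        }

        # systemd: process killed by SIGSEGV, and its scheduled restart.
        /status=11\/SEGV/        { segv_exits++ }
        /Scheduled restart job/  { restarts++ }

        END {
            list = ""
            for (c in suspects) list = list (list == "" ? "" : ",") c
            if (list == "") list = "-"
            printf "segfaults=%d null_deref=%d segv_exits=%d restarts=%d suspects=%s\n",
                   segfaults, null_deref, segv_exits, restarts, list
        }
    '
}

# Constructed sample log (not real data): two crashes of an x11vnc process, one
# unrelated browser segfault, and one client connection preceding the second crash.
sample_log() {
    cat <<'EOF'
Jun 10 12:01:03 vncbox kernel: x11vnc[2231]: segfault at 0 ip 00007f3a1c0b2e4d sp 00007ffd2a3c1e20 error 4 in libvncserver.so.1.0.0[7f3a1c090000+4a000]
Jun 10 12:01:03 vncbox systemd[1]: x11vnc.service: Main process exited, code=killed, status=11/SEGV
Jun 10 12:01:04 vncbox systemd[1]: x11vnc.service: Scheduled restart job, restart counter is at 1.
Jun 10 12:01:09 vncbox x11vnc[2290]: 10/06/2020 12:01:09 Got connection from client 203.0.113.7
Jun 10 12:01:10 vncbox kernel: x11vnc[2290]: segfault at 18 ip 00007f1b2c0b2e4d sp 00007ffe1b2c1e20 error 4 in libvncserver.so.1.0.0[7f1b2c090000+4a000]
Jun 10 12:01:10 vncbox systemd[1]: x11vnc.service: Main process exited, code=killed, status=11/SEGV
Jun 10 12:02:00 vncbox kernel: firefox[3001]: segfault at 7f0000001000 ip 00007f9a10002345 sp 00007ffc33221100 error 4 in libxul.so[7f9a0f000000+8000000]
EOF
}

# Run the summary over the constructed sample when executed directly.
sample_log | vnc_crash_summary
```

The fault-address check is what separates this bug class from other crashes: a fault at 0 or a small offset from it means the process dereferenced a NULL (or NULL-plus-field) pointer, which matches the rfbregion.c defect, whereas a fault at a high address points elsewhere. The suspect attribution is only as good as the server's own connection logging and the ordering of the lines, so treat it as a lead for pivoting into firewall or flow logs, not as proof.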
