CVE-2020-14399

7.5 HIGH

📋 TL;DR

CVE-2020-14399 is a memory access vulnerability in LibVNCServer where byte-aligned data is accessed through uint32_t pointers, potentially causing memory corruption. This affects applications using LibVNCServer for VNC client functionality before version 0.9.13. While the vulnerability exists, the maintainers note there is reportedly 'no trust boundary crossed' in typical usage.
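The access pattern described above, as an added C illustration (not LibVNCServer's code and not the upstream patch): a 32-bit field read from a byte buffer through a uint32_t pointer cast, beside two alignment-safe reads. The function names and the sample message layout are hypothetical.

```c
/* Added illustration of the bug class; not LibVNCServer source code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* UNSAFE pattern: dereferences a byte pointer as uint32_t. If p is not
 * 4-byte aligned this is undefined behaviour; it can fault on
 * strict-alignment CPUs. Shown for contrast, never called here. */
uint32_t read_u32_cast(const uint8_t *p) {
    return *(const uint32_t *)p;
}

/* SAFE: bounds-check, then copy the bytes into an aligned local.
 * Returns 0 on success, -1 if fewer than 4 bytes remain at off. */
int read_u32_host(const uint8_t *buf, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < sizeof *out)
        return -1;
    memcpy(out, buf + off, sizeof *out);
    return 0;
}

/* SAFE: big-endian (network order) decode, one byte at a time. */
int read_u32_be(const uint8_t *buf, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < 4)
        return -1;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return 0;
}

/* Constructed sample: 1-byte tag followed by a 32-bit big-endian length,
 * so the length field starts at odd offset 1. Hypothetical layout. */
const uint8_t sample_msg[] = { 0x03, 0x00, 0x00, 0x01, 0x2c, 0xaa };

int main(void) {
    uint32_t len_field = 0;
    if (read_u32_be(sample_msg, sizeof sample_msg, 1, &len_field) != 0)
        return 1;
    printf("length field = %u\n", (unsigned)len_field);
    /* A field that would run past the buffer is rejected, not read. */
    printf("truncated read -> %d\n",
           read_u32_be(sample_msg, sizeof sample_msg, 3, &len_field));
    return 0;
}
```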

💻 Affected Systems

Products:
  • LibVNCServer
  • Applications using LibVNCServer library
Versions: All versions before 0.9.13
Operating Systems: Linux, Unix-like systems, Windows (if compiled with LibVNCServer)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the VNC client functionality in libvncclient/rfbproto.c. Server components may not be affected depending on implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory corruption leading to arbitrary code execution or denial of service on systems using vulnerable LibVNCServer client code.

🟠 Likely Case: Application crashes or denial of service due to improper memory access when processing VNC protocol data.

🟢 If Mitigated: Limited impact due to the 'no trust boundary crossed' nature, potentially only affecting client-side functionality without privilege escalation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted VNC protocol data to trigger the improper memory access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.9.13 and later

Vendor Advisory: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d

Restart Required: Yes

Instructions:

1. Update LibVNCServer to version 0.9.13 or later.
2. Recompile any applications using LibVNCServer.
3. Restart affected services or applications.

🔧 Temporary Workarounds

Network segmentation (all platforms)

Restrict network access to VNC services to trusted networks only

Application firewalling (linux)

Use host-based firewalls to limit which systems can connect to VNC services

sudo ufw deny proto tcp from any to any port 5900:5910

🧯 If You Can't Patch

  • Implement strict network access controls to limit VNC traffic to trusted sources only
  • Monitor for abnormal application behavior or crashes related to VNC client functionality

🔍 How to Verify

Check if Vulnerable:

Check LibVNCServer version: ldd /path/to/application | grep vnc, then check version in source or package manager

Check Version:

pkg-config --modversion libvncserver || find /usr -name '*vnc*' -type f -print0 | xargs -0 strings | grep -i version

Verify Fix Applied:

Verify LibVNCServer version is 0.9.13 or higher and applications have been recompiled with updated library

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual VNC protocol traffic patterns
  • Multiple connection attempts to VNC ports

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "memory access" OR "vnc")
