CVE-2010-5304

moderate-risk
Published 2020-02-05

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

Do I need to act?

~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (4)

Libvncserver

Affected Vendors

Fedoraproject Libvncserver Project

References (12)

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.ht...
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139814.ht...
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140219.ht...
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445....
Mailing List http://seclists.org/oss-sec/2014/q3/639
Mailing List http://www.openwall.com/lists/oss-security/2014/09/23/6
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.ht...
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139814.ht...
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140219.ht...
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445....
Mailing List http://seclists.org/oss-sec/2014/q3/639
Mailing List http://www.openwall.com/lists/oss-security/2014/09/23/6
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 7/34 · Low
Exposure 10/34 · Low