CVE-2019-20788

high-risk

Published 2020-04-23

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

Do I need to act?

0.80% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 54220248886b5001fbbb9fa73c4e1a2cb9413fed

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (14)

Libvncserver

Ubuntu Linux

Debian Linux

Simatic Itc1500 Firmware

Simatic Itc1500 Pro Firmware

Simatic Itc1900 Firmware

Simatic Itc1900 Pro Firmware

Simatic Itc2200 Firmware

Simatic Itc2200 Pro Firmware

Affected Vendors

Debian Siemens Canonical Libvnc Project

References (10)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

Patch https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9...

Exploit https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient

Third Party Advisory https://usn.ubuntu.com/4407-1/

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

Patch https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9...

Exploit https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient

Third Party Advisory https://usn.ubuntu.com/4407-1/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 3/34 · Minimal

Exposure 18/34 · Moderate