Fluid Attacks Database

Description

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libvncserver	>=0 <0.9.13+dfsg-1	0.9.13+dfsg-1
debian 14	libvncserver	>=0 <0.9.13+dfsg-1	0.9.13+dfsg-1
debian 13	libvncserver	>=0 <0.9.13+dfsg-1	0.9.13+dfsg-1
debian 11	libvncserver	>=0 <0.9.13+dfsg-1	0.9.13+dfsg-1
rpm rhel6	vino	-	-
rpm rhel8	vino	-	-
rpm rhel8	libvncserver	<0:0.9.11-17.el8	0:0.9.11-17.el8
rpm rhel7	libvncserver	-	-
rpm rhel7	vino	-	-
rpm rhel6	libvncserver	-	-

Aliases

1. CVE-2020-257082. NVD-2020-257083. OSV-DEBIAN-2020-257084. OSV-2020-257085. SECURITY-TRACKER-CVE-2020-25708

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.