CVE-2020-14397

CVSS V2 Medium 5 CVSS V3 High 7.5

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

CWE	URL
CWE-476	http://cwe.mitre.org/data/definitions/476.html

CPE	Vulnerable	Operator	Version Start	Version End
		AND
cpe:2.3:a:libvnc_project:libvncserver::::::::	1	OR		0.9.12
		AND
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::	1	OR
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::	1	OR
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::	1	OR
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::	1	OR
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*	1	OR
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::	1	OR
		AND
cpe:2.3:o:debian:debian_linux:8.0:::::::*	1	OR
cpe:2.3:o:debian:debian_linux:9.0:::::::*	1	OR
		AND
cpe:2.3:o:siemens:simatic_itc1500_firmware::::::::	1	OR	3.0.0.0	3.2.1.0
cpe:2.3:h:siemens:simatic_itc1500:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_itc1500_pro_firmware::::::::	1	OR	3.0.0.0	3.2.1.0
cpe:2.3:h:siemens:simatic_itc1500_pro:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_itc1900_firmware::::::::	1	OR	3.0.0.0	3.2.1.0
cpe:2.3:h:siemens:simatic_itc1900:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_itc1900_pro_firmware::::::::	1	OR	3.0.0.0	3.2.1.0
cpe:2.3:h:siemens:simatic_itc1900_pro:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_itc2200_firmware::::::::	1	OR	3.0.0.0	3.2.1.0
cpe:2.3:h:siemens:simatic_itc2200:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_itc2200_pro_firmware::::::::	1	OR	3.0.0.0	3.2.1.0
cpe:2.3:h:siemens:simatic_itc2200_pro:-:::::::*	0	OR
		AND
cpe:2.3:o:opensuse:leap:15.2:::::::*	1	OR

Reference URL	Reference Tags
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13	Release Notes Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4434-1/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4573-1/	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch Third Party Advisory

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2020-14397
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397

Created	Old Value	New Value	Data Type	Notes
2022-05-10 15:46:30				Added to TrackCVE
2022-12-04 18:12:06	2020-06-17T16:15Z	2020-06-17T16:15:11	CVE Published Date	updated
2022-12-04 18:12:06		2022-03-10T15:14:43	CVE Modified Date	updated
2022-12-04 18:12:06		Analyzed	Vulnerability Status	updated