#VU48699 Division by zero in LibVNCServer - CVE-2020-25708

Cybersecurity Help s.r.o.

Published: 2020-11-27 | Updated: 2020-11-29

Vulnerability identifier: #VU48699

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25708

CWE-ID: CWE-369

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
LibVNCServer
Server applications / Remote management servers, RDP, SSH

Vendor: LibVNC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide by zero error when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. A remote attacker can pass specially crafted file to the application and crash it.

Mitigation
Install update from vendor's website.

Vulnerable software versions

LibVNCServer: 0.9.0 - 0.9.12

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1896739
https://github.com/LibVNC/libvncserver/issues/409
https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8 update for libvncserver

Division by zero in libvncserver (Alpine package)

Division by zero in LibVNC LibVNCServer