Vulnerability Details : CVE-2014-6055
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Vulnerability category: Execute codeDenial of service
Products affected by CVE-2014-6055
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5.z:*:*:*:*:*:*:*
- cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6055
11.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-6055
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2014-6055
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6055
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96187
LibVNCServer File Transfer feature buffer overflow CVE-2014-6055 Vulnerability Report
-
https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
Page not found · GitHub · GitHubIssue Tracking;Patch
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
[SECURITY] Fedora 20 Update: libvncserver-0.9.10-0.6.20140718git9453be42.fc20Third Party Advisory
-
https://usn.ubuntu.com/4587-1/
USN-4587-1: iTALC vulnerabilities | Ubuntu security notices | Ubuntu
-
http://seclists.org/oss-sec/2014/q3/639
oss-sec: Multiple issues in libVNCserverMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2014/09/25/11
oss-security - [oCERT-2014-007] libvncserver multiple issuesMailing List;Third Party Advisory
-
http://www.ocert.org/advisories/ocert-2014-007.html
oCERT archiveThird Party Advisory;US Government Resource
-
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
[SECURITY] [DLA 1979-1] italc security update
-
http://secunia.com/advisories/61506
Sign in
-
http://www.securityfocus.com/bid/70096
LibVNCServer CVE-2014-6055 Multiple Stack Based Buffer Overflow VulnerabilitiesThird Party Advisory;VDB Entry
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html
[SECURITY] Fedora 21 Update: libvncserver-0.9.10-0.6.20140718git9453be42.fc21Third Party Advisory
-
https://security.gentoo.org/glsa/201507-07
LibVNCServer: Multiple vulnerabilities (GLSA 201507-07) — Gentoo security
-
http://rhn.redhat.com/errata/RHSA-2015-0113.html
RHSA-2015:0113 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
Page not found · GitHub · GitHubIssue Tracking;Patch
-
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
openSUSE-SU-2015:2207-1: moderate: Security update for LibVNCServer
-
http://www.debian.org/security/2014/dsa-3081
Debian -- Security Information -- DSA-3081-1 libvncserverThird Party Advisory
-
https://www.kde.org/info/security/advisory-20140923-1.txt
Issue Tracking;Patch
Jump to