{"id":"CVE-2020-14398","details":"An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.","modified":"2026-02-02T12:58:05.999128Z","published":"2020-06-17T16:15:11.837Z","related":["MGASA-2020-0280","SUSE-SU-2020:14424-1","SUSE-SU-2020:1922-1","SUSE-SU-2020:2167-1","openSUSE-SU-2020:0988-1","openSUSE-SU-2020:1025-1","openSUSE-SU-2020:1056-1","openSUSE-SU-2024:10598-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"},{"type":"ADVISORY","url":"https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b"},{"type":"ADVISORY","url":"https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4434-1/"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"},{"type":"FIX","url":"https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libvnc/libvncserver","events":[{"introduced":"0"},{"fixed":"57433015f856cc12753378254ce4f1c78f5d9c7b"}]}],"versions":["LibVNCServer-0.9.10","LibVNCServer-0.9.11","LibVNCServer-0.9.12","LibVNCServer-0.9.8","LibVNCServer-0.9.9","X11VNC_0_9_10","X11VNC_0_9_11","X11VNC_0_9_12","X11VNC_0_9_7","X11VNC_0_9_8","X11VNC_0_9_9","X11VNC_REL_0_9_4","X11VNC_REL_0_9_5","X11VNC_REL_0_9_6"],"database_specific":{"vanir_signatures":[{"target":{"file":"libvncclient/sockets.c"},"id":"CVE-2020-14398-475aebc7","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["324641747666988017107537825977212487921","23468658264547528270405885375446689429","314499575584461443646606121383594492402","306615535104477164525540192538372084840","14242646121608592095535288825338715475","280000055704668278136952721231838649105","77168082287649511464652842806746410799","210755404642812292529507728767750616110","5412593350985301690771727771322932537","224006225380859415254987411028168719488","162495475645404325950860693104261241117","208548725558632311365373979711768969454","210755404642812292529507728767750616110","96712536681029417621070288510255798803"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b"},{"target":{"file":"rfb/rfbclient.h"},"id":"CVE-2020-14398-698de838","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["233183713997520342950720743348847311279","293051295555592082169364195627676632234","236710258153632713615781603996356999439","81346176306328477675546311671981257623","229986401505472749873384896338511608079","121575258245161325243889731797089498050","207522311205809133671077703326120694040"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b"},{"target":{"file":"libvncclient/vncviewer.c"},"id":"CVE-2020-14398-c26dc7dd","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["102909818689610700070936665680561590842","206285582406680325489952759430085590091","105327152294886155943177781097700765091","260389185708839503373468255712311087968"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b"},{"target":{"function":"rfbGetClient","file":"libvncclient/vncviewer.c"},"id":"CVE-2020-14398-c3c16db2","deprecated":false,"digest":{"length":3287,"function_hash":"254707495691174405563156847212044692456"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b"},{"target":{"function":"ReadFromRFBServer","file":"libvncclient/sockets.c"},"id":"CVE-2020-14398-d84cf98c","deprecated":false,"digest":{"length":3425,"function_hash":"54417766686695289676091539773525012280"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/libvnc/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14398.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}