{"id":"RLSA-2021:1811","summary":"Moderate: libvncserver security update","details":"LibVNCServer is a C library that enables you to implement VNC server functionality into your own programs.\n\nSecurity Fix(es):\n\n* libvncserver: uninitialized memory contents are vulnerable to Information Leak (CVE-2018-21247)\n\n* libvncserver: buffer overflow in ConnectClientToUnixSock() (CVE-2019-20839)\n\n* libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397)\n\n* libvncserver: libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405)\n\n* libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.","modified":"2026-03-11T05:58:58.809809Z","published":"2021-05-18T06:09:01Z","upstream":["CVE-2018-21247","CVE-2019-20839","CVE-2020-14397","CVE-2020-14405","CVE-2020-25708"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2021:1811"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849877"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849886"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860325"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860344"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1896739"}],"affected":[{"package":{"name":"libvncserver","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libvncserver?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.9.11-17.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1811.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}