Denial of Service Vulnerability in LibVNCServer 0.9.9 and Earlier

Denial of Service Vulnerability in LibVNCServer 0.9.9 and Earlier

CVE-2014-6053 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

Learn more about our Cis Benchmark Audit For Server Software.