CVE-2020-14400

一、漏洞信息
 漏洞编号：[CVE-2020-14400](https://nvd.nist.gov/vuln/detail/CVE-2020-14400)
 漏洞归属组件：[libvncserver](https://gitee.com/src-openeuler/libvncserver)
 漏洞归属的版本：0.9.11
 CVSS V3.0分值：
  BaseScore：7.5 High
  Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
 漏洞简述：
  An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary
 漏洞公开时间：2020-06-18 00:15
 漏洞创建时间：2021-01-27 16:04:25
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2020-14400
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| github | https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d |  |
| github |  https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 |  |
| lists |  https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html |  |
| NVD |  https://nvd.nist.gov/vuln/detail/CVE-2020-14400 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
                          
 openEuler评分：
  7.5
 Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1:
2.openEuler-20.09:
3.openEuler-24.03-LTS(0.9.13):
4.master(0.9.13):
5.openEuler-22.03-LTS-SP4(0.9.13):

修复是否涉及abi变化(是/否)：
  2.openEuler-24.03-LTS(0.9.13):
3.master(0.9.13):
4.openEuler-22.03-LTS-SP4(0.9.13):

@fly_fzc ,@oli_give_xiao_zi_li ,@vicxhh ,@tangguoloveyou ,@disnight ,@zhouerlin ,@wang_yue111 ,@vicxhh ,@wangchong1995924 ,@wangef ,@li_zhiliang8 ,@chengzihan2 ,@cuibb1 ,@yaokai13 ,@zhangbo20 ,@jeff200902 ,@fly_fzc ,@miao_kaibo ,@solarhu ,@littlepc ,@Charlie_li ,@basic ,@overweight ,@tangjing996 ,@jiangkai89 ,@higgins ,@baizhilaoda ,@zi_cvi ,@Classicriver_jia ,@doraemon2020 ,@wjf008 ,@ga_beng_cui ,@emily_liuliu ,@Clerk_duan ,@ssttkx ,@higgins ,@walkingwalk ,@KeyboardXia ,@zhang_liu_yan ,@air9 ,@t_feng ,@catastrowings ,@daidai_is_here ,@duyyb ,@bingo2008 ,@gu ,@byeX012 ,@lkx690 ,@qiegewala ,@ultra_planet ,@gnaygnil ,@zhangtao2020 ,@js_liangdong ,@tian2020 ,@chen_ding_xiao ,@duan_tao_tao ,@lunankun ,@shen_en_yu ,@wnd007 ,@yangbonis ,@captainwei ,@cherry530 ,@dan_zhao ,@zl_28 ,@fei_wangl ,@yang_jian_mei ,@yang_zhuang_zhuang ,@yinzhenling ,@ding_yi_ming ,@gstwin ,@m2b1aclc ,@zhou_mu_chen ,@sugarfillet ,@gui ,@seki099 ,@wisdoman ,@wanjk19 ,@yeah_wang ,@fun_yang ,@sherlock2010 ,@prety20 ,@yiyurain ,@compile_success ,@jackie_wu123 ,@xiangshuaizhx ,@yanxiaobing2020 ,@RickyZ5351 ,@ruebb ,@small_leek ,@yanzh_h ,@yanglijin ,@AlexZ11 ,@ba_a_ge ,@Au_Aviel ,@hands2333 ,@hfutsdd ,@kuhnchen18 ,@BenchMarkFather ,@ganqx ,@kai ,@zhk128 ,@chen_daguan ,@xdzt1986 ,@upper_code ,@SupMario ,@giteeruby ,@Clergy97 ,@chenholmes ,@xu_xi_jian ,@HukunaMatata ,@snn ,@Grooooot ,@algorithmofdish ,@rock ,@huzunhao ,@traffic_millions ,@liuzhiqiang26 ,@euler ,@zhuchunyi ,@Anonymous_Z ,@caihaomin ,@jdkboy ,@lifeng2221dd1 ,@yanxiaobing2020 ,@xiexiuqi ,@yangyingliang ,@liqingqing_1229 ,@love_hangzhou ,@wangxiongfeng ,@Yika ,@rock ,@chxssg ,@volcanodragon ,@guoxiaoqi ,@chengquan ,@steven 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响))不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.openEuler-20.03-LTS-SP1:
2.openEuler-20.09:

-----------------------------------------------------------------------
issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

src-openEuler/libvncserver

内容风险标识

评论 (2)

src-openEuler/libvncserver .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2020-14400

评论 (2)

搜索帮助

src-openEuler/libvncserver