Search for vulnerabilities
Vulnerability details: VCID-9v5m-a7zv-aaab
Vulnerability ID VCID-9v5m-a7zv-aaab
Aliases CVE-2014-6053
Summary The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-19 Data Processing Errors
CWE-476 NULL Pointer Dereference
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6053.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1826
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1827
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11453 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11957 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11957 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11957 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.11957 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.12426 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.12426 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.32194 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.38476 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.38476 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.38476 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.38476 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.38476 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.38476 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.38476 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
epss 0.40511 https://api.first.org/data/v1/epss?cve=CVE-2014-6053
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1144289
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055
generic_textual Medium http://seclists.org/oss-sec/2014/q3/639
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-6053
generic_textual Medium https://ubuntu.com/security/notices/USN-2365-1
generic_textual Medium https://ubuntu.com/security/notices/USN-4573-1
generic_textual Low https://ubuntu.com/security/notices/USN-4587-1
generic_textual Medium http://www.kde.org/info/security/advisory-20140923-1.txt
generic_textual Medium http://www.ocert.org/advisories/ocert-2014-007.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6053.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6053.json
https://api.first.org/data/v1/epss?cve=CVE-2014-6053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055
http://seclists.org/oss-sec/2014/q3/639
http://secunia.com/advisories/61506
http://secunia.com/advisories/61682
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
https://security.gentoo.org/glsa/201507-07
https://ubuntu.com/security/notices/USN-2365-1
https://ubuntu.com/security/notices/USN-4573-1
https://ubuntu.com/security/notices/USN-4587-1
https://usn.ubuntu.com/4573-1/
https://usn.ubuntu.com/4587-1/
http://ubuntu.com/usn/usn-2365-1
http://www.debian.org/security/2014/dsa-3081
http://www.kde.org/info/security/advisory-20140923-1.txt
http://www.ocert.org/advisories/ocert-2014-007.html
http://www.openwall.com/lists/oss-security/2014/09/25/11
1144289 https://bugzilla.redhat.com/show_bug.cgi?id=1144289
762745 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745
cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVE-2014-6053 https://nvd.nist.gov/vuln/detail/CVE-2014-6053
RHSA-2014:1826 https://access.redhat.com/errata/RHSA-2014:1826
RHSA-2014:1827 https://access.redhat.com/errata/RHSA-2014:1827
USN-2365-1 https://usn.ubuntu.com/2365-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-6053
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.95401
EPSS Score 0.11453
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.