First published: Wed Jun 17 2020(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libvncserver | 0.9.13+dfsg-2+deb11u1 0.9.14+dfsg-1 | |
libvncserver | <=0.9.12 | |
Ubuntu | =14.04 | |
Ubuntu | =16.04 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =18.10 | |
Ubuntu | =20.04 | |
Debian Linux | =8.0 | |
Debian Linux | =9.0 | |
All of | ||
Siemens Simatic ITC1500 | >=3.0.0.0<3.2.1.0 | |
Siemens SIMATIC ITC1500 Firmware | ||
All of | ||
Siemens Simatic ITC1500 Pro | >=3.0.0.0<3.2.1.0 | |
Siemens Simatic ITC1500 Pro | ||
All of | ||
Siemens Simatic ITC1900 Pro | >=3.0.0.0<3.2.1.0 | |
Siemens Simatic ITC1900 Firmware | ||
All of | ||
Siemens Simatic ITC1900 Pro | >=3.0.0.0<3.2.1.0 | |
Siemens Simatic ITC1900 Pro Firmware | ||
All of | ||
Siemens SIMATIC ITC2200 Pro Firmware | >=3.0.0.0<3.2.1.0 | |
Siemens SIMATIC ITC2200 Firmware | ||
All of | ||
Siemens Simatic ITC2200 Pro | >=3.0.0.0<3.2.1.0 | |
Siemens SIMATIC ITC2200 Pro Firmware | ||
SUSE Linux | =15.2 | |
Siemens Simatic ITC1500 | >=3.0.0.0<3.2.1.0 | |
Siemens SIMATIC ITC1500 Firmware | ||
Siemens Simatic ITC1500 Pro | >=3.0.0.0<3.2.1.0 | |
Siemens Simatic ITC1500 Pro | ||
Siemens Simatic ITC1900 Pro | >=3.0.0.0<3.2.1.0 | |
Siemens Simatic ITC1900 Firmware | ||
Siemens Simatic ITC1900 Pro | >=3.0.0.0<3.2.1.0 | |
Siemens Simatic ITC1900 Pro Firmware | ||
Siemens SIMATIC ITC2200 Pro Firmware | >=3.0.0.0<3.2.1.0 | |
Siemens SIMATIC ITC2200 Firmware | ||
Siemens Simatic ITC2200 Pro | >=3.0.0.0<3.2.1.0 | |
Siemens SIMATIC ITC2200 Pro Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-20839 is a vulnerability in LibVNCServer that allows a buffer overflow via a long socket filename.
CVE-2019-20839 has a severity score of 7.5 (high).
The affected software versions of CVE-2019-20839 are: libvncserver 0.9.11+dfsg-1.3+deb10u4, 0.9.11+dfsg-1.3+deb10u5, 0.9.13+dfsg-2+deb11u1, and 0.9.14+dfsg-1 (from Debian) and libvncserver 0.9.11+dfsg-1ubuntu1.3 (from Ubuntu).
To fix CVE-2019-20839, update to libvncserver version 0.9.13+dfsg-2+deb11u1 (from Debian) or libvncserver version 0.9.11+dfsg-1ubuntu1.3 (from Ubuntu).
You can find more information about CVE-2019-20839 at the following references: [GitHub](https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1), [GitHub](https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13), [Debian LTS](https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html).