Bug 1849877 (CVE-2019-20839)
Summary: | CVE-2019-20839 libvncserver: buffer overflow in ConnectClientToUnixSock() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jadahl, negativo17, rdieter |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-05-18 14:34:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1849878, 1849879, 1851032, 1851033 | ||
Bug Blocks: | 1849880 |
Description
Marian Rehak
2020-06-23 06:25:19 UTC
Created libvncserver tracking bugs for this issue: Affects: epel-7 [bug 1849879] Affects: fedora-all [bug 1849878] Statement: This is only an issue if the "ConnectClientToUnixSock()" function is used directly with an overly long socket name. It's more common that the "ConnectToRFBServer()" function is used, which would prevent exploiting this flaw as it performs additional checks. Additionally, the buffer overflow is caught by compiled-in buffer overflow checks, limiting the impact to a crash. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-20839 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1811 https://access.redhat.com/errata/RHSA-2021:1811 |