Bug 2450845 (CVE-2026-32854)

Summary: CVE-2026-32854 LibVNCServer: LibVNCServer: Denial of Service via specially crafted HTTP requests
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: crizzo
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in LibVNCServer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending specially crafted HTTP requests. The flaw exists in the HTTP proxy handlers, where missing validation of certain return values can lead to a null pointer dereference, causing the server to crash. This impacts the availability of the server when HTTPD and proxy features are enabled.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2450888, 2450889
Bug Blocks:

Description OSIDB Bzimport 2026-03-24 18:02:14 UTC
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.
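As an added illustration of the bug class (this is not LibVNCServer's code; the function and struct names are assumptions), the parser below pulls host and port out of a CONNECT request target and checks every strchr() result before using it, so a request with no ':' is rejected with an error instead of dereferencing NULL:

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Parsed target of a "CONNECT host:port HTTP/1.x" request line.
 * Hypothetical type, not LibVNCServer's. */
typedef struct {
    char host[256];
    int port;
} connect_target;

/* Parse the host and port out of a CONNECT request line.
 * Returns 0 on success, -1 on any malformed input. Every strchr()
 * result is checked before it is dereferenced or used in pointer
 * arithmetic; an unchecked NULL here is the crash described above. */
int parse_connect_target(const char *line, connect_target *out)
{
    const char *p, *end, *colon;
    size_t hostlen;
    char *endptr;
    long port;

    if (line == NULL || out == NULL) return -1;
    if (strncmp(line, "CONNECT ", 8) != 0) return -1;
    p = line + 8;

    /* The target ends at the next space, or at end of string. */
    end = strchr(p, ' ');
    if (end == NULL) end = p + strlen(p);

    /* Reject a missing, leading, or out-of-target ':' instead of crashing. */
    colon = strchr(p, ':');
    if (colon == NULL || colon == p || colon >= end) return -1;

    hostlen = (size_t)(colon - p);
    if (hostlen >= sizeof(out->host)) return -1;
    memcpy(out->host, p, hostlen);
    out->host[hostlen] = '\0';

    /* Port must be all digits up to the end of the target and in range. */
    errno = 0;
    port = strtol(colon + 1, &endptr, 10);
    if (errno != 0 || endptr == colon + 1 || endptr != end) return -1;
    if (port < 1 || port > 65535) return -1;
    out->port = (int)port;
    return 0;
}
```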