An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Upstream commit: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
Created libvncserver tracking bugs for this issue: Affects: epel-7 [bug 1860341] Affects: fedora-all [bug 1860342]
Statement: versions of libvncserver and vino that ship with Red Hat Enterprise Linux 6 through 8 (inclusive) are not affected because the vulnerable code was introduced in a later version.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14396