2469203 – (CVE-2026-42859) CVE-2026-42859 neatvnc: neatvnc: Denial of Service via pre-authentication stack buffer overflow

Bug 2469203 (CVE-2026-42859) - CVE-2026-42859 neatvnc: neatvnc: Denial of Service via pre-authentication stack buffer overflow

Summary: CVE-2026-42859 neatvnc: neatvnc: Denial of Service via pre-authentication sta...

Keywords:
Status:	NEW
Alias:	CVE-2026-42859
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2479809 2479810
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-11 18:03 UTC by OSIDB Bzimport
Modified:	2026-05-19 11:57 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-11 18:03:26 UTC

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-256) handshake with an oversized client RSA public key, causing rsa_aes_send_challenge in src/auth/rsa-aes.c to overflow a 1024-byte on-stack buffer when encrypting the server challenge. This results in at least a denial of service via server crash. This vulnerability is fixed in 0.9.6.

Note You need to log in before you can comment on or make changes to this bug.