Home

CVE-2020-26117

Description

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.935

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2020:2881-1(SUSE Linux Enterprise Server 12-SP5 ) libXvnc1-1.6.0-22.17.1.x86_64.rpmLinux
SUSE-SU-2020:2881-1(SUSE Linux Enterprise Server 12-SP5 ) libXvnc1-debuginfo-1.6.0-22.17.1.x86_64.rpmLinux
SUSE-SU-2020:2881-1(SUSE Linux Enterprise Server 12-SP5 ) tigervnc-1.6.0-22.17.1.x86_64.rpmLinux
SUSE-SU-2020:2881-1(SUSE Linux Enterprise Server 12-SP5 ) tigervnc-debuginfo-1.6.0-22.17.1.x86_64.rpmLinux
SUSE-SU-2020:2881-1(SUSE Linux Enterprise Server 12-SP5 ) tigervnc-debugsource-1.6.0-22.17.1.x86_64.rpmLinux
SUSE-SU-2020:2881-1(SUSE Linux Enterprise Server 12-SP5 ) xorg-x11-Xvnc-1.6.0-22.17.1.x86_64.rpmLinux
SUSE-SU-2020:2881-1(SUSE Linux Enterprise Server 12-SP5 ) xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1.x86_64.rpmLinux
(RHSA-2021:1783) tigervnc security, bug fix, and enhancement update tigervnc-1.11.0-6.el8.x86_64.rpmLinux
(RHSA-2021:1783) tigervnc security, bug fix, and enhancement update tigervnc-debugsource-1.11.0-6.el8.x86_64.rpmLinux
(RHSA-2021:1783) tigervnc security, bug fix, and enhancement update tigervnc-icons-1.11.0-6.el8.noarch.rpmLinux
(RHSA-2021:1783) tigervnc security, bug fix, and enhancement update tigervnc-license-1.11.0-6.el8.noarch.rpmLinux
(RHSA-2021:1783) tigervnc security, bug fix, and enhancement update tigervnc-selinux-1.11.0-6.el8.noarch.rpmLinux
(RHSA-2021:1783) tigervnc security, bug fix, and enhancement update tigervnc-server-1.11.0-6.el8.x86_64.rpmLinux
(RHSA-2021:1783) tigervnc security, bug fix, and enhancement update tigervnc-server-minimal-1.11.0-6.el8.x86_64.rpmLinux
(RHSA-2021:1783) tigervnc security, bug fix, and enhancement update tigervnc-server-module-1.11.0-6.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234