Lucene search

GoogleOSV:UBUNTU-CVE-2024-42458

HistoryAug 02, 2024 - 4:17 a.m.

UBUNTU-CVE-2024-42458

2024-08-0204:17:00

Google

osv.dev

neat vnc

server.c

security type

validation

cve-2006-2369

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.

References

github.com/any1/neatvnc/compare/v0.8.0...v0.8.1

github.com/any1/neatvnc/releases/tag/v0.8.1

ubuntu.com/security/CVE-2024-42458

www.cve.org/CVERecord?id=CVE-2024-42458

www.openwall.com/lists/oss-security/2024/08/02/1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

Related for OSV:UBUNTU-CVE-2024-42458