CVE-2026-32854
HIGH 7.5
Description
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 3/24/2026
Last Modified: 3/25/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
libvncserver_project:libvncserver
Weaknesses (CWE)
CWE-476
References
https://github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314 (disclosure@vulncheck.com)
https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference (disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.