CVE-2020-26117

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
tigervnctigervnc
𝑥
< 1.11.0
debiandebian_linux
9.0
opensuseleap
15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tigervnc
bookworm
1.12.0+dfsg-8
fixed
bullseye
1.11.0+dfsg-2+deb11u1
fixed
sid
1.13.1+dfsg-3
fixed
trixie
1.13.1+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tigervnc
bionic
needs-triage
focal
Fixed 1.10.1+dfsg-3ubuntu0.20.04.1+esm1
released
groovy
ignored
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libXvnc1
suse enterprise desktop 15 SP1
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP2
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP3
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise desktop 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise desktop 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise desktop 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise sap 12 SP2
1.6.0-27.1
fixed
suse enterprise sap 12 SP3
1.6.0-27.1
fixed
suse enterprise sap 12 SP5
1.6.0-22.17.1
fixed
suse enterprise sap 15 SP1
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP2
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP3
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise sap 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise sap 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise sap 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise server 12 SP2
1.6.0-27.1
fixed
suse enterprise server 12 SP3
1.6.0-27.1
fixed
suse enterprise server 12 SP4
1.6.0-22.17.1
fixed
suse enterprise server 12 SP5
1.6.0-22.17.1
fixed
suse enterprise server 15
1.8.0-13.14.1
fixed
suse enterprise server 15 SP1
1.9.0-19.9.1
fixed
suse enterprise server 15 SP2
1.9.0-19.9.1
fixed
suse enterprise server 15 SP3
1.9.0-19.9.1
fixed
suse enterprise server 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise server 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise server 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise server 15 SP7
1.14.1-150700.2.5
fixed
tigervnc
suse enterprise desktop 15 SP1
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP2
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP3
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise desktop 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise desktop 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise desktop 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise sap 12 SP2
1.6.0-27.1
fixed
suse enterprise sap 12 SP3
1.6.0-27.1
fixed
suse enterprise sap 12 SP5
1.6.0-22.17.1
fixed
suse enterprise sap 15 SP1
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP2
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP3
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise sap 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise sap 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise sap 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise server 12 SP2
1.6.0-27.1
fixed
suse enterprise server 12 SP3
1.6.0-27.1
fixed
suse enterprise server 12 SP4
1.6.0-22.17.1
fixed
suse enterprise server 12 SP5
1.6.0-22.17.1
fixed
suse enterprise server 15
1.8.0-13.14.1
fixed
suse enterprise server 15 SP1
1.9.0-19.9.1
fixed
suse enterprise server 15 SP2
1.9.0-19.9.1
fixed
suse enterprise server 15 SP3
1.9.0-19.9.1
fixed
suse enterprise server 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise server 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise server 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise server 15 SP7
1.14.1-150700.2.5
fixed
xorg-x11-Xvnc
suse enterprise desktop 15 SP1
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP2
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP3
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise desktop 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise desktop 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise desktop 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise sap 12 SP2
1.6.0-27.1
fixed
suse enterprise sap 12 SP3
1.6.0-27.1
fixed
suse enterprise sap 12 SP5
1.6.0-22.17.1
fixed
suse enterprise sap 15 SP1
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP2
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP3
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise sap 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise sap 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise sap 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise server 12 SP2
1.6.0-27.1
fixed
suse enterprise server 12 SP3
1.6.0-27.1
fixed
suse enterprise server 12 SP4
1.6.0-22.17.1
fixed
suse enterprise server 12 SP5
1.6.0-22.17.1
fixed
suse enterprise server 15
1.8.0-13.14.1
fixed
suse enterprise server 15 SP1
1.9.0-19.9.1
fixed
suse enterprise server 15 SP2
1.9.0-19.9.1
fixed
suse enterprise server 15 SP3
1.9.0-19.9.1
fixed
suse enterprise server 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise server 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise server 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise server 15 SP7
1.14.1-150700.2.5
fixed
xorg-x11-Xvnc-module
suse enterprise desktop 15 SP1
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP2
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP3
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise desktop 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise desktop 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise desktop 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise sap 15 SP1
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP2
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP3
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise sap 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise sap 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise sap 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise server 15 SP1
1.9.0-19.9.1
fixed
suse enterprise server 15 SP2
1.9.0-19.9.1
fixed
suse enterprise server 15 SP3
1.9.0-19.9.1
fixed
suse enterprise server 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise server 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise server 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise server 15 SP7
1.14.1-150700.2.5
fixed
xorg-x11-Xvnc-novnc
suse enterprise desktop 15 SP1
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP2
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP3
1.9.0-19.9.1
fixed
suse enterprise desktop 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise desktop 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise desktop 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise desktop 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise sap 15 SP1
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP2
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP3
1.9.0-19.9.1
fixed
suse enterprise sap 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise sap 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise sap 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise sap 15 SP7
1.14.1-150700.2.5
fixed
suse enterprise server 15
1.8.0-13.14.1
fixed
suse enterprise server 15 SP1
1.9.0-19.9.1
fixed
suse enterprise server 15 SP2
1.9.0-19.9.1
fixed
suse enterprise server 15 SP3
1.9.0-19.9.1
fixed
suse enterprise server 15 SP4
1.10.1-150400.5.6
fixed
suse enterprise server 15 SP5
1.12.0-150500.2.6
fixed
suse enterprise server 15 SP6
1.13.1-150600.2.6
fixed
suse enterprise server 15 SP7
1.14.1-150700.2.5
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
tigervnc
RHEL 8
0:1.11.0-6.el8
fixed
tigervnc-icons
RHEL 8
0:1.11.0-6.el8
fixed
tigervnc-license
RHEL 8
0:1.11.0-6.el8
fixed
tigervnc-selinux
RHEL 8
0:1.11.0-6.el8
fixed
tigervnc-server
RHEL 8
0:1.11.0-6.el8
fixed
tigervnc-server-minimal
RHEL 8
0:1.11.0-6.el8
fixed
tigervnc-server-module
RHEL 8
0:1.11.0-6.el8
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00024.html
https://bugzilla.opensuse.org/show_bug.cgi?id=1176733
https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb
https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b
https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba
https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e
https://github.com/TigerVNC/tigervnc/releases/tag/v1.11.0
https://lists.debian.org/debian-lts-announce/2020/10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00024.html
https://bugzilla.opensuse.org/show_bug.cgi?id=1176733
https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb
https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b
https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba
https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e
https://github.com/TigerVNC/tigervnc/releases/tag/v1.11.0
https://lists.debian.org/debian-lts-announce/2020/10/msg00007.html