libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

The remote NewStart CGSL host, running version MAIN 7.02, has libvncserver packages installed that are affected by a vulnerability:

  - libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
    (CVE-2020-29260)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
    (CVE-2020-29260)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of libvncserver installed on the remote host is prior to 0.9.9-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2170 advisory.

    libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
    (CVE-2020-29260)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4330-1 advisory.

  - libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
    (CVE-2020-29260)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3990-1 advisory.

  - libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
    (CVE-2020-29260)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3540-1 advisory.

  - libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
    (CVE-2020-29260)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3125 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3125-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                    Thorsten Alteholz     September 30, 2022                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : libvncserver     Version        : 0.9.11+dfsg-1.3+deb10u5     CVE ID         : CVE-2020-25708 CVE-2020-29260


    Two issues have been found in libvncserver, a library to write one's own     VNC server.


    CVE-2020-25708

        Due to some missing checks, a divide by zero could happen, which could         result in a denial of service.

    CVE-2020-29260

        Due to a memory leak in function rfbClientCleanup() a remote attacker         might be able to cause a denial of service.



    For Debian 10 buster, these problems have been fixed in version     0.9.11+dfsg-1.3+deb10u5.

    We recommend that you upgrade your libvncserver packages.

    For the detailed security status of libvncserver please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libvncserver

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
242829	NewStart CGSL MAIN 7.02 : libvncserver Vulnerability (NS-SA-2025-0182)	Nessus	NewStart CGSL Local Security Checks	high
223555	Linux Distros Unpatched Vulnerability : CVE-2020-29260	Nessus	Misc.	high
178825	Amazon Linux 2 : libvncserver (ALAS-2023-2170)	Nessus	Amazon Linux Local Security Checks	high
168468	SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2022:4330-1)	Nessus	SuSE Local Security Checks	high
167649	SUSE SLED15 / SLES15 Security Update : LibVNCServer (SUSE-SU-2022:3990-1)	Nessus	SuSE Local Security Checks	high
165753	SUSE SLED15 / SLES15 Security Update : LibVNCServer (SUSE-SU-2022:3540-1)	Nessus	SuSE Local Security Checks	high
165593	Debian dla-3125 : libvncclient1 - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2020-29260

high

Tenable Plugins

high

high

high

high

high

high

high