Description
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.
Published: 2026-03-24
Score: 6.3 Medium
EPSS: 5.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LibVNCServer versions 0.9.15 and earlier contain a null pointer dereference flaw, identified as CWE-476, in the HTTP proxy handlers within httpProcessInput() of httpd.c. The bug arises from missing validation of strchr() return values in the CONNECT and GET proxy paths, which allows an attacker to send a specially crafted HTTP request that triggers a crash, resulting in denial of service.

Affected Systems

LibVNCServer, the VNC server library from the LibVNC project, affects all releases up to and including 0.9.15 when the HTTP daemon and proxy features are enabled. The defect is fixed in commit dc78dee of the LibVNCServer repository.

Risk and Exploitability

The CVSS score of 6.3 classifies the problem as medium severity, and the EPSS score of 5% indicates a moderate likelihood of exploitation. The flaw is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector is remote via crafted HTTP requests received by the httpd component, allowing an unauthorized attacker to cause the VNC server to crash and deny service.

Generated by OpenCVE AI on June 18, 2026 at 13:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibVNCServer to the latest version or apply the patch from commit dc78dee to remove the vulnerability
  • Disable the httpd component or the proxy feature until a patch is available
  • Monitor server logs for anomalous CONNECT or GET requests that may indicate exploitation attempts

Generated by OpenCVE AI on June 18, 2026 at 13:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8463-1 LibVNCServer vulnerabilities
History

Fri, 27 Mar 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Libvncserver Project
Libvncserver Project libvncserver
CPEs cpe:2.3:a:libvncserver_project:libvncserver:*:*:*:*:*:*:*:*
Vendors & Products Libvncserver Project
Libvncserver Project libvncserver
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Libvncserver
Libvncserver libvncserver
Vendors & Products Libvncserver
Libvncserver libvncserver

Wed, 25 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

threat_severity

Moderate


Tue, 24 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.
Title LibVNCServer httpd proxy NULL Pointer Dereference
Weaknesses CWE-476
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Libvncserver Libvncserver
Libvncserver Project Libvncserver
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-27T03:52:19.164Z

Reserved: 2026-03-16T18:11:41.759Z

Link: CVE-2026-32854

cve-icon Vulnrichment

Updated: 2026-03-27T03:52:15.413Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-24T18:16:09.423

Modified: 2026-06-17T10:36:27.170

Link: CVE-2026-32854

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-24T17:31:32Z

Links: CVE-2026-32854 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T13:30:05Z

Weaknesses