Description
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.
Published: 2026-03-24
Score: 6.3 Medium
EPSS: 1.6% Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

LibVNCServer versions 0.9.15 and earlier contain a null pointer dereference flaw in the HTTP proxy handlers in httpProcessInput() of httpd.c. The issue is caused by missing validation of the return value from strchr() in the CONNECT and GET proxy paths, allowing an attacker to send a crafted HTTP request that triggers a crash of the VNC server. This results in a loss of availability of the service without exposing data or enabling code execution.
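As an added illustration of the CWE-476 pattern the description names, the following C is constructed for this page and is not LibVNCServer's httpd.c: the request format, the `proxy_target` struct and the function names are assumptions. It places an unchecked `strchr()` target parser beside a hardened one that rejects a request line or host:port target whenever an expected separator is missing, which is the behaviour a defender wants from a fix for this class of bug.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the CWE-476 pattern (unchecked strchr()).
 * Not LibVNCServer's httpd.c: request format, struct and function
 * names are assumptions made for this example. */

#define HOST_MAX 256

typedef struct {
    char host[HOST_MAX];
    int port;
} proxy_target;

/* Unchecked variant: trusts that every target contains ':'. For a
 * target such as "vnc.internal" (no port), strchr() returns NULL and
 * the write through 'colon' dereferences a null pointer (SIGSEGV).
 * Shown for contrast only; the driver never feeds it malformed input. */
int parse_target_unchecked(const char *target, proxy_target *out)
{
    char buf[HOST_MAX];
    snprintf(buf, sizeof buf, "%s", target);
    char *colon = strchr(buf, ':');
    *colon = '\0';                      /* null pointer write when ':' is absent */
    snprintf(out->host, sizeof out->host, "%s", buf);
    out->port = atoi(colon + 1);
    return 0;
}

/* Hardened variant: every strchr()/strtol() result is validated before
 * use; malformed input returns -1 instead of being dereferenced. */
int parse_target_checked(const char *target, proxy_target *out)
{
    if (target == NULL || out == NULL) return -1;
    const char *colon = strchr(target, ':');
    if (colon == NULL || colon == target)   /* no separator, or empty host */
        return -1;
    size_t host_len = (size_t)(colon - target);
    if (host_len >= sizeof out->host)       /* host would not fit */
        return -1;
    char *end = NULL;
    long port = strtol(colon + 1, &end, 10);
    if (end == colon + 1 || *end != '\0' || port < 1 || port > 65535)
        return -1;                          /* missing, trailing-junk or out-of-range port */
    memcpy(out->host, target, host_len);
    out->host[host_len] = '\0';
    out->port = (int)port;
    return 0;
}

/* Split "METHOD target HTTP/1.x" into method and target. Both separators
 * come from strchr() and both are checked, so a truncated line such as
 * "GET" or "GET " is rejected rather than walked past the terminator. */
int parse_request_line(const char *line, char *method, size_t method_len,
                       char *target, size_t target_len)
{
    if (line == NULL) return -1;
    const char *sp1 = strchr(line, ' ');
    if (sp1 == NULL || sp1 == line)         /* no method */
        return -1;
    const char *sp2 = strchr(sp1 + 1, ' ');
    if (sp2 == NULL || sp2 == sp1 + 1)      /* no target */
        return -1;
    size_t mlen = (size_t)(sp1 - line);
    size_t tlen = (size_t)(sp2 - (sp1 + 1));
    if (mlen >= method_len || tlen >= target_len)
        return -1;
    memcpy(method, line, mlen);
    method[mlen] = '\0';
    memcpy(target, sp1 + 1, tlen);
    target[tlen] = '\0';
    return 0;
}

/* Stand-alone driver over constructed request lines. */
int main(void)
{
    const char *requests[] = {
        "CONNECT vnc.internal:5900 HTTP/1.1",  /* well-formed */
        "CONNECT vnc.internal HTTP/1.1",       /* no ':' -> unchecked parser would crash */
        "GET",                                 /* no separators at all */
    };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        char method[16], target[HOST_MAX + 8];
        proxy_target t;
        if (parse_request_line(requests[i], method, sizeof method,
                               target, sizeof target) != 0) {
            printf("reject (bad request line): %s\n", requests[i]);
        } else if (parse_target_checked(target, &t) != 0) {
            printf("reject (bad target): %s\n", requests[i]);
        } else {
            printf("accept %s -> %s port %d\n", method, t.host, t.port);
        }
    }
    return 0;
}
```

Run stand-alone, the driver accepts the well-formed CONNECT line and rejects the two malformed ones. Only `parse_target_checked` is safe on untrusted input; the unchecked variant exists to show exactly where an absent ':' turns into a null pointer write.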

Affected Systems

The vulnerability affects all releases of LibVNCServer up to and including 0.9.15 when the HTTP daemon and proxy features are enabled. The bug is fixed in commit dc78dee of the LibVNCServer repository.

Risk and Exploitability

The CVSS score of 6.3 indicates medium severity, and the EPSS score is below 1%, suggesting a low likelihood of exploitation. The issue is not listed in CISA’s catalog of known exploited vulnerabilities. Attackers can exploit the flaw remotely by sending specially crafted HTTP requests without authentication, leading to a denial of service when the server receives those requests.

Generated by OpenCVE AI on March 26, 2026 at 04:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibVNCServer to the latest version or apply the patch from commit dc78dee to remove the vulnerability
  • If an upgrade cannot be performed immediately, disable the httpd component or the proxy feature until a patch is available
  • Monitor server logs for anomalous CONNECT or GET requests that may indicate exploitation attempts
  • After remediation, verify that the server remains stable under normal operational traffic


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 05:15:00 +0000

Metrics
  Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 22:00:00 +0000

First Time appeared
  Added: Libvncserver Project; Libvncserver Project libvncserver
CPEs
  Added: cpe:2.3:a:libvncserver_project:libvncserver:*:*:*:*:*:*:*:*
Vendors & Products
  Added: Libvncserver Project; Libvncserver Project libvncserver
Metrics
  Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}
  Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Wed, 25 Mar 2026 12:00:00 +0000

First Time appeared
  Added: Libvncserver; Libvncserver libvncserver
Vendors & Products
  Added: Libvncserver; Libvncserver libvncserver

Wed, 25 Mar 2026 00:15:00 +0000

References
Metrics
  Removed: threat_severity None
  Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}; threat_severity Moderate


Tue, 24 Mar 2026 17:45:00 +0000

Description
  Added: LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.
Title
  Added: LibVNCServer httpd proxy NULL Pointer Dereference
Weaknesses
  Added: CWE-476
References
Metrics
  Added: cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-27T03:52:19.164Z

Reserved: 2026-03-16T18:11:41.759Z

Link: CVE-2026-32854

Vulnrichment

Updated: 2026-03-27T03:52:15.413Z

NVD

Status: Analyzed

Published: 2026-03-24T18:16:09.423

Modified: 2026-03-25T21:57:20.137

Link: CVE-2026-32854

Redhat

Severity: Moderate

Public Date: 2026-03-24T17:31:32Z

Links: CVE-2026-32854 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-26T12:19:41Z

Weaknesses