216.73.216.204

CVE-2026-32854

· Published 24/03/2026 19:16 · Author: The MITRE Corporation

Labels: CVE-2026-32854 2026-03-24CVE-2026-32854CWE-476[email protected]

Essential information

Published
24/03/2026 19:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.5 HIGH (v3.1) 6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CWE-476
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.

NVD status

NVD
View on NVD