LibVNCServer httpd proxy NULL Pointer Dereference_CVE-2026-32854

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Description

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.

Basic Information

ID CVE-2026-32854

Source VulnCheck

Published Mar 24, 2026 at 17:31

Modified Mar 27, 2026 at 03:52

Affected Product

Vendor LibVNC

Product LibVNCServer

Affected Versions LibVNC LibVNCServer 0

CWE Classification

CWE-476

References

{
    "lastseen": "",
    "description": "LibVNCServer versions 0.9.15 and prior (fixed in\u00a0commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.",
    "published": "2026-03-24T17:31:32.011Z",
    "modified": "2026-03-27T03:52:19.164Z",
    "type": "cve",
    "title": "LibVNCServer httpd proxy NULL Pointer Dereference",
    "source": "VulnCheck",
    "references": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x\nhttps://github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314\nhttps://www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference",
    "id": "CVE-2026-32854",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "LibVNC LibVNCServer 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LibVNCServer",
    "version": "0",
    "vendor": "LibVNC",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}