
Arch Linux: Denial of service (CVE-2019-20382)

Severity: 3
CVSS: (AV:A/AC:L/Au:S/C:N/I:N/A:P)
Published: Mar 5, 2020
Added: Jul 11, 2025
Modified: Nov 27, 2025

Description

A memory leak has been found in the way the VNC display driver of QEMU <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib's data object. This allocated memory is not freed upon disconnection, resulting in the memory leak.
A user able to connect to the VNC server could use this flaw to leak host memory, leading to a potential DoS scenario.

Solution

arch-linux-upgrade-latest