In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates for which an exception was added as certificate authorities. Because a certificate authority is trusted to vouch for other certificates, not just for itself, the owner of such a certificate could impersonate any server after a client had added an exception.
[
{
"source": "https://github.com/tigervnc/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba",
"target": {
"file": "common/rfb/CSecurityTLS.cxx"
},
"id": "CVE-2020-26117-19f71fbe",
"deprecated": false,
"digest": {
"line_hashes": [
"263214322393408254260605549209686920776",
"340218197713879364519904928505928323817",
"265810417532971925276039608667021944840",
"87970873708132661354644512840402019446",
"300699054843167153655286684315137057490",
"164552726582983008666846810611097800591",
"44615290605528466953362371164006484364",
"103848164657440654177727747552846674516",
"152995984252069465373706074680041738024",
"224188781060234344961706645279913701938",
"248692748919983500288094581078436711057",
"174691128926293410565358892221930411903",
"214238083254559910563304439164533046558",
"213296741597080508649362002215284469969",
"143157829155743455154744212000718832466",
"124914608028022645447878518161198060247",
"202389399686940422438919541121567111745",
"154879259351855591937610514540899234054",
"86156144306735322566613265414823887214",
"64983589881964372285336756084123892867",
"29849385229262091254341847817116254117",
"257498437327476931408350979006736153885",
"75030434748687170618585101679473643779",
"176146611924789049808777870681011510928",
"104666090561362156377636915665421757331",
"177755207096890515885463460690297722394",
"70175214386111700195449851238439535491",
"61989777311364316396425281345691132272",
"250221114018920324057281303981284176710",
"307313871574534274878813563327105252677",
"131436535749357470954019527677490526257",
"328146917239871589009913792651517393528",
"179452115654797436825194683809663894280",
"309920327776155037017954373833707631523",
"13508452173870920467087194477289560486",
"304629640896755118783829335041177903214",
"86928767823511955829968133917688387580",
"111235542167029993851311340411151454710",
"81645841122743510593479228142836250763",
"190021969294927712065409863975059799568",
"84761604777184184418405348863985527473",
"230219580313496022869481131829808894356",
"246487152823262660887901119492191033242",
"225406243624184470315496388970452546982",
"83302603859383727813384300730640431519",
"66417368719008689052096949860666966345",
"97039647734427964399281093046594510431",
"279309249801450887729749605230253685076",
"267181665381862134241477543681541094556",
"47843624719877106759787086793688485631",
"2636119635564817466577767689115821376",
"201387575904897796512926306069928464908",
"143965408374202549540519150630601185894",
"40827157563397065192608995555259968693",
"266931591069126340724896943176313920313",
"93546517334927694343899834573780244559",
"198365803604563852760739409792537246455",
"223604652154849951866199781521286863062",
"71610483470377247526170603824101751385",
"108722168639355652159744726559679615326",
"4414446391156346598771017202005340327",
"27323057166928396410356996763603314535",
"211218431164198948075823940241107869221",
"320601668993721110806643122925865169404",
"152730948427229885824349151764261802720",
"52026990640962902289856795886908131879",
"63604712016446620971815521732643394423",
"75426374539086321220727477348551745025",
"85138367514738803171437275417993789613",
"53302489509048722616022818231248572902",
"102887284832336077290315771760258538978",
"7328998931768003638298835777769009670",
"174734608297700673135715809125294524395",
"16625777745903634272226653728882268479",
"216908421977846639795176175660168497540",
"203745948117592999426904998636585405611",
"187856409820637445907237918033854963110",
"288561031059781565136128210592787267143",
"90592481303161552805733368040086996217",
"179377746466428180176105515363902806816",
"34984507469221483754390721683283847356",
"305314871354220264525228261334441197332",
"91352138594475261118773591965501346230",
"258801705487683239539801212219153932233",
"19484426234212316489985654619432444192",
"283572624698696957581999389971462936853",
"287936696848325603457424214164536432786",
"328163728519969632072940587247571833450",
"159904244579816374470837565290636687946",
"158907556302437409789714384082536833080",
"87919754723724172547907625652001571962"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e",
"target": {
"function": "checkServerTrusted",
"file": "java/com/tigervnc/rfb/CSecurityTLS.java"
},
"id": "CVE-2020-26117-27cba9f8",
"deprecated": false,
"digest": {
"function_hash": "276666865752570552465495491833409124911",
"length": 2641.0
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb",
"target": {
"file": "java/com/tigervnc/rfb/CSecurityTLS.java"
},
"id": "CVE-2020-26117-2d94e76f",
"deprecated": false,
"digest": {
"line_hashes": [
"254879959597166708755377749650092146197",
"91374251727540154784640120542065135707",
"317750636556665453140357267196333903036",
"122034930550491273858260519664642317549",
"15306066965717648274846281460961221552",
"8359757768283778176100266673814333688",
"195594014990822937998606006608676353137",
"163907564754652202958727677559930791291",
"191173020480441151243054271238796557056",
"176391867862463755035176769380039744987",
"215949152956701877350863480872190827485",
"301925422789395614728725500503903357093",
"171141906967346827141715997120599041976",
"259836959624830035168989233040149512796",
"171400388409850029316434364067787245533",
"280797236001931874598265213314956196231",
"234853621643550317150043400232918937596",
"298138712047860620118991865280549173326",
"241867655132983065551386911308344740942",
"275985508854433839568890994699471561170",
"37716473888198639734582598260815432593",
"115638908104793614950864061757061052188",
"23890399186960892481985154487246799250",
"112456401072074104998263163674961375355",
"132613737626536205442413759437815439948",
"276909342171975476205366415546481182536",
"262161241997242183815333375110498740128",
"210386239589110699861056986189035039293",
"154031391660635096177071401801736552667",
"262951142028915106348881470456900793118",
"211404710298499267591154693129600179358",
"180876876878939480545105054429109936139",
"221218545074832050248923509876989254863",
"167930801113009357847765312407235664269",
"16215466250138313959273349094469010439",
"302548827383446955325381188304407746119",
"230607873021703531616651766072869775501",
"275271691056273547307731678213069818383",
"52480264368752283306814528045733057384",
"110094185248068617651578191089652689074",
"295437726373908906170821333999014637020",
"159893366148396533924476947028257476592",
"337655009449511567704292048193555671302",
"235109380811030652495271224962294868347",
"313664500469646561696614838650422521822",
"85071562909927606855282943384190447116",
"105623375990431245771884164164052012675",
"34066462780277851660343757683853693274",
"14256153534036762110284359629725201684",
"234705357188647279575606479248055096057",
"2045440066189240568615128474422196585",
"250483951101915926401103682101526511642",
"322286450437971710761055480809829416957",
"338951865573711907685798198207872699889",
"189271582741122875855675895314226238789",
"322532572360941536145539758310905975617",
"252747538684603118245562326705704777590",
"57774115659019667675187307953677546450",
"78236115644600910666108049033713959711",
"328574336174015539613824392791933867233",
"94978226231476831651657999490819173687",
"258011737209223364754710918939293936060",
"301039337978069029157573332249962744751",
"49878952997896672656256115008628934177",
"141011388073116832040079848902629628980",
"209426839997604428257636479502961932511",
"326376275745100108847494443313026079285",
"252924066458013103370019354674249438284",
"96519674172655070622995271013051783950",
"12588656660915139206624106126851091988",
"216140370357140389066494044291736249624",
"10247107177776105081068420504935270357",
"298262449128677742073543154189804171335",
"266579077171081317923228257089898474463",
"186655021405025787473472938203908035627",
"135288382373364252247293129000320938176",
"33922577972372784637579595521793618648",
"86433196583906963845356328707397126959",
"297343985385585626126475039174990947154",
"192134324957365557258796984240847509529",
"259954945552822637932455911528933080032",
"187790039851367162610372532627211978216",
"254653553625335318806707780114029310382",
"253346221738326479658918580967898495721",
"295296897767744238230610301969502014456",
"198034381278607021475773071460387823253",
"210468809876189970164919975811144121437"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b",
"target": {
"function": "CSecurityTLS::setParam",
"file": "common/rfb/CSecurityTLS.cxx"
},
"id": "CVE-2020-26117-3cd597da",
"deprecated": false,
"digest": {
"function_hash": "340027552213134010602828033501919163408",
"length": 2289.0
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba",
"target": {
"function": "CSecurityTLS::checkSession",
"file": "common/rfb/CSecurityTLS.cxx"
},
"id": "CVE-2020-26117-43dc9a62",
"deprecated": false,
"digest": {
"function_hash": "80294187960653727781454827179465497854",
"length": 4628.0
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb",
"target": {
"function": "checkServerTrusted",
"file": "java/com/tigervnc/rfb/CSecurityTLS.java"
},
"id": "CVE-2020-26117-5e926430",
"deprecated": false,
"digest": {
"function_hash": "276666865752570552465495491833409124911",
"length": 2641.0
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b",
"target": {
"file": "common/rfb/CSecurityTLS.cxx"
},
"id": "CVE-2020-26117-6d864444",
"deprecated": false,
"digest": {
"line_hashes": [
"263214322393408254260605549209686920776",
"340218197713879364519904928505928323817",
"265810417532971925276039608667021944840",
"87970873708132661354644512840402019446",
"300699054843167153655286684315137057490",
"164552726582983008666846810611097800591",
"44615290605528466953362371164006484364",
"103848164657440654177727747552846674516",
"152995984252069465373706074680041738024",
"224188781060234344961706645279913701938",
"248692748919983500288094581078436711057",
"174691128926293410565358892221930411903",
"214238083254559910563304439164533046558",
"213296741597080508649362002215284469969",
"143157829155743455154744212000718832466",
"124914608028022645447878518161198060247",
"202389399686940422438919541121567111745",
"154879259351855591937610514540899234054",
"86156144306735322566613265414823887214",
"64983589881964372285336756084123892867",
"29849385229262091254341847817116254117",
"257498437327476931408350979006736153885",
"75030434748687170618585101679473643779",
"176146611924789049808777870681011510928",
"104666090561362156377636915665421757331",
"177755207096890515885463460690297722394",
"70175214386111700195449851238439535491",
"61989777311364316396425281345691132272",
"250221114018920324057281303981284176710",
"307313871574534274878813563327105252677",
"131436535749357470954019527677490526257",
"328146917239871589009913792651517393528",
"179452115654797436825194683809663894280",
"309920327776155037017954373833707631523",
"13508452173870920467087194477289560486",
"304629640896755118783829335041177903214",
"86928767823511955829968133917688387580",
"111235542167029993851311340411151454710",
"81645841122743510593479228142836250763",
"190021969294927712065409863975059799568",
"84761604777184184418405348863985527473",
"230219580313496022869481131829808894356",
"246487152823262660887901119492191033242",
"225406243624184470315496388970452546982",
"83302603859383727813384300730640431519",
"66417368719008689052096949860666966345",
"97039647734427964399281093046594510431",
"279309249801450887729749605230253685076",
"267181665381862134241477543681541094556",
"47843624719877106759787086793688485631",
"2636119635564817466577767689115821376",
"201387575904897796512926306069928464908",
"143965408374202549540519150630601185894",
"40827157563397065192608995555259968693",
"266931591069126340724896943176313920313",
"93546517334927694343899834573780244559",
"198365803604563852760739409792537246455",
"223604652154849951866199781521286863062",
"71610483470377247526170603824101751385",
"108722168639355652159744726559679615326",
"4414446391156346598771017202005340327",
"27323057166928396410356996763603314535",
"211218431164198948075823940241107869221",
"320601668993721110806643122925865169404",
"152730948427229885824349151764261802720",
"52026990640962902289856795886908131879",
"63604712016446620971815521732643394423",
"75426374539086321220727477348551745025",
"85138367514738803171437275417993789613",
"53302489509048722616022818231248572902",
"102887284832336077290315771760258538978",
"7328998931768003638298835777769009670",
"174734608297700673135715809125294524395",
"16625777745903634272226653728882268479",
"216908421977846639795176175660168497540",
"203745948117592999426904998636585405611",
"187856409820637445907237918033854963110",
"288561031059781565136128210592787267143",
"90592481303161552805733368040086996217",
"179377746466428180176105515363902806816",
"34984507469221483754390721683283847356",
"305314871354220264525228261334441197332",
"91352138594475261118773591965501346230",
"258801705487683239539801212219153932233",
"19484426234212316489985654619432444192",
"283572624698696957581999389971462936853",
"287936696848325603457424214164536432786",
"328163728519969632072940587247571833450",
"159904244579816374470837565290636687946",
"158907556302437409789714384082536833080",
"87919754723724172547907625652001571962"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e",
"target": {
"file": "java/com/tigervnc/rfb/CSecurityTLS.java"
},
"id": "CVE-2020-26117-798fe38a",
"deprecated": false,
"digest": {
"line_hashes": [
"254879959597166708755377749650092146197",
"91374251727540154784640120542065135707",
"317750636556665453140357267196333903036",
"122034930550491273858260519664642317549",
"15306066965717648274846281460961221552",
"8359757768283778176100266673814333688",
"195594014990822937998606006608676353137",
"163907564754652202958727677559930791291",
"191173020480441151243054271238796557056",
"176391867862463755035176769380039744987",
"215949152956701877350863480872190827485",
"301925422789395614728725500503903357093",
"171141906967346827141715997120599041976",
"259836959624830035168989233040149512796",
"171400388409850029316434364067787245533",
"280797236001931874598265213314956196231",
"234853621643550317150043400232918937596",
"298138712047860620118991865280549173326",
"241867655132983065551386911308344740942",
"275985508854433839568890994699471561170",
"37716473888198639734582598260815432593",
"115638908104793614950864061757061052188",
"23890399186960892481985154487246799250",
"112456401072074104998263163674961375355",
"132613737626536205442413759437815439948",
"276909342171975476205366415546481182536",
"262161241997242183815333375110498740128",
"210386239589110699861056986189035039293",
"154031391660635096177071401801736552667",
"262951142028915106348881470456900793118",
"211404710298499267591154693129600179358",
"180876876878939480545105054429109936139",
"221218545074832050248923509876989254863",
"167930801113009357847765312407235664269",
"16215466250138313959273349094469010439",
"302548827383446955325381188304407746119",
"230607873021703531616651766072869775501",
"275271691056273547307731678213069818383",
"52480264368752283306814528045733057384",
"110094185248068617651578191089652689074",
"295437726373908906170821333999014637020",
"159893366148396533924476947028257476592",
"337655009449511567704292048193555671302",
"235109380811030652495271224962294868347",
"313664500469646561696614838650422521822",
"85071562909927606855282943384190447116",
"105623375990431245771884164164052012675",
"34066462780277851660343757683853693274",
"14256153534036762110284359629725201684",
"234705357188647279575606479248055096057",
"2045440066189240568615128474422196585",
"250483951101915926401103682101526511642",
"322286450437971710761055480809829416957",
"338951865573711907685798198207872699889",
"189271582741122875855675895314226238789",
"322532572360941536145539758310905975617",
"252747538684603118245562326705704777590",
"57774115659019667675187307953677546450",
"78236115644600910666108049033713959711",
"328574336174015539613824392791933867233",
"94978226231476831651657999490819173687",
"258011737209223364754710918939293936060",
"301039337978069029157573332249962744751",
"49878952997896672656256115008628934177",
"141011388073116832040079848902629628980",
"209426839997604428257636479502961932511",
"326376275745100108847494443313026079285",
"252924066458013103370019354674249438284",
"96519674172655070622995271013051783950",
"12588656660915139206624106126851091988",
"216140370357140389066494044291736249624",
"10247107177776105081068420504935270357",
"298262449128677742073543154189804171335",
"266579077171081317923228257089898474463",
"186655021405025787473472938203908035627",
"135288382373364252247293129000320938176",
"33922577972372784637579595521793618648",
"86433196583906963845356328707397126959",
"297343985385585626126475039174990947154",
"192134324957365557258796984240847509529",
"259954945552822637932455911528933080032",
"187790039851367162610372532627211978216",
"254653553625335318806707780114029310382",
"253346221738326479658918580967898495721",
"295296897767744238230610301969502014456",
"198034381278607021475773071460387823253",
"210468809876189970164919975811144121437"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb",
"target": {
"function": "verifyHostname",
"file": "java/com/tigervnc/rfb/CSecurityTLS.java"
},
"id": "CVE-2020-26117-79afcdd1",
"deprecated": false,
"digest": {
"function_hash": "22395545444703093718200764744037241309",
"length": 1503.0
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e",
"target": {
"function": "verifyHostname",
"file": "java/com/tigervnc/rfb/CSecurityTLS.java"
},
"id": "CVE-2020-26117-8a84b8ec",
"deprecated": false,
"digest": {
"function_hash": "22395545444703093718200764744037241309",
"length": 1503.0
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba",
"target": {
"function": "CSecurityTLS::setParam",
"file": "common/rfb/CSecurityTLS.cxx"
},
"id": "CVE-2020-26117-ac00d44c",
"deprecated": false,
"digest": {
"function_hash": "340027552213134010602828033501919163408",
"length": 2289.0
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"source": "https://github.com/tigervnc/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b",
"target": {
"function": "CSecurityTLS::checkSession",
"file": "common/rfb/CSecurityTLS.cxx"
},
"id": "CVE-2020-26117-df851afe",
"deprecated": false,
"digest": {
"function_hash": "80294187960653727781454827179465497854",
"length": 4628.0
},
"signature_version": "v1",
"signature_type": "Function"
}
]