CVE-2026-42859: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in any1 neatvnc
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-256) handshake with an oversized client RSA public key, causing rsa_aes_send_challenge in src/auth/rsa-aes.c to overflow a 1024-byte on-stack buffer when encrypting the server challenge. This results in at least a denial of service via server crash. This vulnerability is fixed in 0.9.6.
AI Analysis
Technical Summary
CVE-2026-42859 is a classic buffer overflow vulnerability (CWE-120) in neatvnc before version 0.9.6. It occurs in the rsa_aes_send_challenge function within the RSA-AES security type handler when processing a client handshake containing an oversized RSA public key. This overflow affects a 1024-byte on-stack buffer, enabling an unauthenticated remote attacker who can connect to the VNC listening socket to cause a denial of service by crashing the server. The issue is resolved in neatvnc 0.9.6.
Potential Impact
The vulnerability allows unauthenticated remote attackers to cause a denial of service by crashing the neatvnc server. There is no confirmed information about code execution or other impacts. Exploitation requires network access to the VNC listening socket. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade neatvnc to version 0.9.6 or later, where this buffer overflow vulnerability is fixed. Patch status is confirmed by the version fix information. No other mitigations are indicated.
CVE-2026-42859: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in any1 neatvnc
Description
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-256) handshake with an oversized client RSA public key, causing rsa_aes_send_challenge in src/auth/rsa-aes.c to overflow a 1024-byte on-stack buffer when encrypting the server challenge. This results in at least a denial of service via server crash. This vulnerability is fixed in 0.9.6.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-42859 is a classic buffer overflow vulnerability (CWE-120) in neatvnc before version 0.9.6. It occurs in the rsa_aes_send_challenge function within the RSA-AES security type handler when processing a client handshake containing an oversized RSA public key. This overflow affects a 1024-byte on-stack buffer, enabling an unauthenticated remote attacker who can connect to the VNC listening socket to cause a denial of service by crashing the server. The issue is resolved in neatvnc 0.9.6.
Potential Impact
The vulnerability allows unauthenticated remote attackers to cause a denial of service by crashing the neatvnc server. There is no confirmed information about code execution or other impacts. Exploitation requires network access to the VNC listening socket. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade neatvnc to version 0.9.6 or later, where this buffer overflow vulnerability is fixed. Patch status is confirmed by the version fix information. No other mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-30T16:44:48.379Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a021aa3cbff5d8610430392
Added to database: 5/11/2026, 6:06:27 PM
Last enriched: 5/11/2026, 6:22:12 PM
Last updated: 5/12/2026, 3:50:43 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.