Published: 19/12/2018 Updated: 23/10/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

LibVNC prior to 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows malicious user to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR

Vulnerable Product	Search on Vulmon	Subscribe to Product
libvnc project libvncserver
debian debian linux 9.0
debian debian linux 8.0
canonical ubuntu linux 18.10
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04

Debian Bug report logs - #916941 libvncserver: Multiple security vulnerabilities Package: libvncserver; Maintainer for libvncserver is Peter Spiess-Knafl <dev@spiessknaflat>; Reported by: Markus Koschany <apo@debianorg> Date: Thu, 20 Dec 2018 18:21:01 UTC Severity: grave Tags: patch, security, upstream Found in ve ...

Several security issues were fixed in LibVNCServer ...

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR ...

CWE-665 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html https://usn.ubuntu.com/3877-1/https://www.debian.org/security/2019/dsa-4383 https://security.gentoo.org/glsa/201908-05 https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://usn.ubuntu.com/4547-1/https://usn.ubuntu.com/4587-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941 https://usn.ubuntu.com/3877-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-20023

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect