LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an malicious user to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libvnc project libvncserver |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
siemens simatic itc1500 firmware |
||
siemens simatic itc1500 pro firmware |
||
siemens simatic itc1900 firmware |
||
siemens simatic itc1900 pro firmware |
||
siemens simatic itc2200 firmware |
||
siemens simatic itc2200 pro firmware |