LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an malicious user to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libvnc project libvncserver |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
siemens simatic_itc1500_firmware |
||
siemens simatic_itc1500_pro_firmware |
||
siemens simatic_itc1900_firmware |
||
siemens simatic_itc1900_pro_firmware |
||
siemens simatic_itc2200_firmware |
||
siemens simatic_itc2200_pro_firmware |