CVE-2018-20022

Published: Dec 19, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR

Affected (7)

Products: Libvnc Project: Libvncserver · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libvnc Project Libvncserver	Before 0.9.12

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Related CWEs

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (24)

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/

Source: vulnerability@kaspersky.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html

Source: vulnerability@kaspersky.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html

Source: vulnerability@kaspersky.com

https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html

Source: vulnerability@kaspersky.com

https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html

Source: vulnerability@kaspersky.com

https://security.gentoo.org/glsa/201908-05

Source: vulnerability@kaspersky.com

https://security.gentoo.org/glsa/202006-06

Source: vulnerability@kaspersky.com

https://usn.ubuntu.com/3877-1/

Source: vulnerability@kaspersky.com

Third Party Advisory

https://usn.ubuntu.com/4547-1/

Source: vulnerability@kaspersky.com

https://usn.ubuntu.com/4547-2/

Source: vulnerability@kaspersky.com

https://usn.ubuntu.com/4587-1/

Source: vulnerability@kaspersky.com

https://www.debian.org/security/2019/dsa-4383

Source: vulnerability@kaspersky.com

Third Party Advisory

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201908-05

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202006-06

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3877-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4547-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4547-2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4587-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2019/dsa-4383

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.