CVE-2018-20023

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-20023

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20023.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-20023

Related

Published

2018-12-19T16:29:00Z

Modified

2024-11-15T05:56:50.635096Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR

References

Affected packages

Debian:11 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11+dfsg-1.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11+dfsg-1.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11+dfsg-1.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / veyon

Package

Name: veyon
Purl: pkg:deb/debian/veyon?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.4+repack1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / veyon

Package

Name: veyon
Purl: pkg:deb/debian/veyon?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.4+repack1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / veyon

Package

Name: veyon
Purl: pkg:deb/debian/veyon?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.4+repack1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libvnc/libvncserver

Affected ranges

Type: GIT
Repo: https://github.com/libvnc/libvncserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0a70095271d845d16a3ed17354841b01f33963ad

Affected versions

LibVNCServer-0.*

LibVNCServer-0.9.10

LibVNCServer-0.9.11

LibVNCServer-0.9.8

LibVNCServer-0.9.9

Other

X11VNC_0_9_10

X11VNC_0_9_11

X11VNC_0_9_12

X11VNC_0_9_7

X11VNC_0_9_8

X11VNC_0_9_9

X11VNC_REL_0_9_4

X11VNC_REL_0_9_5

X11VNC_REL_0_9_6