UBUNTU-CVE-2018-20022
- Source
- https://ubuntu.com/security/CVE-2018-20022
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-20022.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-20022
- Related
- Published
- 2018-12-19T00:00:00Z
- Modified
- 2024-10-15T14:06:37Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
- References
-
- https://ubuntu.com/security/CVE-2018-20022
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
- https://ubuntu.com/security/notices/USN-3877-1
- https://ubuntu.com/security/notices/USN-4547-1
- https://ubuntu.com/security/notices/USN-4547-2
- https://ubuntu.com/security/notices/USN-4587-1
- https://www.cve.org/CVERecord?id=CVE-2018-20022
Affected packages
Ubuntu:14.04:LTS / libvncserver
Package
- Name
- libvncserver
- Purl
- pkg:deb/ubuntu/libvncserver?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.9+dfsg-1ubuntu1.4
Affected versions
0.*
0.9.9+dfsg-1
0.9.9+dfsg-1ubuntu1
0.9.9+dfsg-1ubuntu1.1
0.9.9+dfsg-1ubuntu1.2
0.9.9+dfsg-1ubuntu1.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "libvncserver-config"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "libvncserver-config-dbgsym"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "libvncserver-dev"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "libvncserver-dev-dbgsym"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "libvncserver0"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "libvncserver0-dbg"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "libvncserver0-dbgsym"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "linuxvnc"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.4",
"binary_name": "linuxvnc-dbgsym"
}
]
}
Ubuntu:Pro:14.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.9-6.5+deb8u1build0.14.04.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "tightvncserver"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "tightvncserver-dbgsym"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "xtightvncviewer"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "xtightvncviewer-dbgsym"
}
]
}
Ubuntu:16.04:LTS / italc
Package
- Name
- italc
- Purl
- pkg:deb/ubuntu/italc?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.0.2+dfsg1-4ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore-dbgsym"
}
]
}
Ubuntu:16.04:LTS / libvncserver
Package
- Name
- libvncserver
- Purl
- pkg:deb/ubuntu/libvncserver?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.10+dfsg-3ubuntu0.16.04.3
Affected versions
0.*
0.9.10+dfsg-3
0.9.10+dfsg-3build1
0.9.10+dfsg-3ubuntu0.16.04.1
0.9.10+dfsg-3ubuntu0.16.04.2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncclient1"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncclient1-dbg"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncclient1-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncserver-config"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncserver-config-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncserver-dev"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncserver-dev-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncserver1"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncserver1-dbg"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.3",
"binary_name": "libvncserver1-dbgsym"
}
]
}
Ubuntu:Pro:16.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=esm-apps/xenial
Ubuntu:18.04:LTS / italc
Package
- Name
- italc
- Purl
- pkg:deb/ubuntu/italc?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.0.3+dfsg1-3ubuntu0.1
Affected versions
1:3.*
1:3.0.3+dfsg1-1
1:3.0.3+dfsg1-2
1:3.0.3+dfsg1-2build1
1:3.0.3+dfsg1-2ubuntu1
1:3.0.3+dfsg1-3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-client"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-client-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-management-console"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-management-console-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-master"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-master-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "libitalccore"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "libitalccore-dbgsym"
}
]
}
Ubuntu:18.04:LTS / libvncserver
Package
- Name
- libvncserver
- Purl
- pkg:deb/ubuntu/libvncserver?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.11+dfsg-1ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.9.11+dfsg-1ubuntu1.1",
"binary_name": "libvncclient1"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.1",
"binary_name": "libvncclient1-dbg"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.1",
"binary_name": "libvncserver-config"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.1",
"binary_name": "libvncserver-dev"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.1",
"binary_name": "libvncserver1"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.1",
"binary_name": "libvncserver1-dbg"
}
]
}
Ubuntu:Pro:18.04:LTS / ssvnc
Package
- Name
- ssvnc
- Purl
- pkg:deb/ubuntu/ssvnc?arch=src?distro=esm-apps/bionic
Ubuntu:Pro:18.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=esm-apps/bionic
Ubuntu:20.04:LTS / ssvnc
Package
- Name
- ssvnc
- Purl
- pkg:deb/ubuntu/ssvnc?arch=src?distro=focal
Ubuntu:20.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=focal
Ubuntu:22.04:LTS / ssvnc
Package
- Name
- ssvnc
- Purl
- pkg:deb/ubuntu/ssvnc?arch=src?distro=jammy
Ubuntu:22.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=jammy
Ubuntu:24.10 / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=oracular