CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
libvnc_projectlibvncserver
𝑥
< 0.9.12
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvncserver
bookworm
0.9.14+dfsg-1
fixed
bullseye
0.9.13+dfsg-2+deb11u1
fixed
sid
0.9.14+dfsg-1
fixed
trixie
0.9.14+dfsg-1
fixed
veyon
bookworm
4.7.5+repack1-1
fixed
bullseye
4.5.3+repack1-1
fixed
sid
4.7.5+repack1-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
italc
bionic
Fixed 1:3.0.3+dfsg1-3ubuntu0.1
released
focal
dne
trusty
dne
xenial
Fixed 1:2.0.2+dfsg1-4ubuntu0.1
released
libvncserver
bionic
Fixed 0.9.11+dfsg-1ubuntu1.1
released
cosmic
Fixed 0.9.11+dfsg-1.1ubuntu0.1
released
disco
not-affected
focal
not-affected
trusty
Fixed 0.9.9+dfsg-1ubuntu1.4
released
xenial
Fixed 0.9.10+dfsg-3ubuntu0.16.04.3
released
x11vnc
bionic
not-affected
cosmic
ignored
disco
not-affected
focal
not-affected
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libvncclient0
suse enterprise desktop 15 SP2
0.9.10-4.3.1
fixed
suse enterprise desktop 15 SP3
0.9.10-4.3.1
fixed
suse enterprise sap 12 SP1
0.9.9-17.8.1
fixed
suse enterprise sap 12 SP3
0.9.9-17.8.1
fixed
suse enterprise sap 12 SP4
0.9.9-17.8.1
fixed
suse enterprise sap 12 SP5
0.9.9-17.14.1
fixed
suse enterprise sap 15 SP2
0.9.10-4.3.1
fixed
suse enterprise sap 15 SP3
0.9.10-4.3.1
fixed
suse enterprise server 12
0.9.9-17.8.1
fixed
suse enterprise server 12 SP1
0.9.9-17.8.1
fixed
suse enterprise server 12 SP2
0.9.9-17.8.1
fixed
suse enterprise server 12 SP3
0.9.9-17.8.1
fixed
suse enterprise server 12 SP4
0.9.9-17.8.1
fixed
suse enterprise server 12 SP5
0.9.9-17.14.1
fixed
suse enterprise server 15 SP2
0.9.10-4.3.1
fixed
suse enterprise server 15 SP3
0.9.10-4.3.1
fixed
suse enterprise workstation 15 SP2
0.9.10-4.3.1
fixed
suse enterprise workstation 15 SP3
0.9.10-4.3.1
fixed
libvncclient1
suse enterprise desktop 15 SP4
0.9.13-150400.1.9
fixed
suse enterprise sap 15 SP4
0.9.13-150400.1.9
fixed
suse enterprise server 15 SP4
0.9.13-150400.1.9
fixed
suse enterprise workstation 15 SP4
0.9.13-150400.1.9
fixed
libvncserver0
suse enterprise desktop 15 SP2
0.9.10-4.3.1
fixed
suse enterprise desktop 15 SP3
0.9.10-4.3.1
fixed
suse enterprise sap 12 SP1
0.9.9-17.8.1
fixed
suse enterprise sap 12 SP3
0.9.9-17.8.1
fixed
suse enterprise sap 12 SP4
0.9.9-17.8.1
fixed
suse enterprise sap 12 SP5
0.9.9-17.14.1
fixed
suse enterprise sap 15 SP2
0.9.10-4.3.1
fixed
suse enterprise sap 15 SP3
0.9.10-4.3.1
fixed
suse enterprise server 12
0.9.9-17.8.1
fixed
suse enterprise server 12 SP1
0.9.9-17.8.1
fixed
suse enterprise server 12 SP2
0.9.9-17.8.1
fixed
suse enterprise server 12 SP3
0.9.9-17.8.1
fixed
suse enterprise server 12 SP4
0.9.9-17.8.1
fixed
suse enterprise server 12 SP5
0.9.9-17.14.1
fixed
suse enterprise server 15 SP2
0.9.10-4.3.1
fixed
suse enterprise server 15 SP3
0.9.10-4.3.1
fixed
suse enterprise workstation 15 SP2
0.9.10-4.3.1
fixed
suse enterprise workstation 15 SP3
0.9.10-4.3.1
fixed
libvncserver1
suse enterprise desktop 15 SP4
0.9.13-150400.1.9
fixed
suse enterprise sap 15 SP4
0.9.13-150400.1.9
fixed
suse enterprise server 15 SP4
0.9.13-150400.1.9
fixed
suse enterprise workstation 15 SP4
0.9.13-150400.1.9
fixed
Common Weakness Enumeration
References
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://security.gentoo.org/glsa/201908-05
https://usn.ubuntu.com/3877-1/
https://usn.ubuntu.com/4547-1/
https://usn.ubuntu.com/4587-1/
https://www.debian.org/security/2019/dsa-4383
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://security.gentoo.org/glsa/201908-05
https://usn.ubuntu.com/3877-1/
https://usn.ubuntu.com/4547-1/
https://usn.ubuntu.com/4587-1/
https://www.debian.org/security/2019/dsa-4383