CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
KasperskyCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
libvnc_projectlibvncserver
𝑥
< 0.9.12
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvncserver
bullseye
0.9.13+dfsg-2+deb11u1
fixed
bookworm
0.9.14+dfsg-1
fixed
sid
0.9.14+dfsg-1
fixed
trixie
0.9.14+dfsg-1
fixed
veyon
bullseye
4.5.3+repack1-1
fixed
bookworm
4.7.5+repack1-1
fixed
sid
4.7.5+repack1-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
italc
focal
dne
bionic
Fixed 1:3.0.3+dfsg1-3ubuntu0.1
released
xenial
Fixed 1:2.0.2+dfsg1-4ubuntu0.1
released
trusty
dne
libvncserver
focal
not-affected
disco
not-affected
cosmic
Fixed 0.9.11+dfsg-1.1ubuntu0.1
released
bionic
Fixed 0.9.11+dfsg-1ubuntu1.1
released
xenial
Fixed 0.9.10+dfsg-3ubuntu0.16.04.3
released
trusty
Fixed 0.9.9+dfsg-1ubuntu1.4
released
x11vnc
focal
not-affected
disco
not-affected
cosmic
ignored
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://security.gentoo.org/glsa/201908-05
https://usn.ubuntu.com/3877-1/
https://usn.ubuntu.com/4547-1/
https://usn.ubuntu.com/4587-1/
https://www.debian.org/security/2019/dsa-4383
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://security.gentoo.org/glsa/201908-05
https://usn.ubuntu.com/3877-1/
https://usn.ubuntu.com/4547-1/
https://usn.ubuntu.com/4587-1/
https://www.debian.org/security/2019/dsa-4383