PT-2018-2461 · Libvnc+3 · Libvnc+3

Pavel Cheremushkin

Publicado

2018-09-11

Atualizado

2021-01-15

CVE-2018-20023

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions LibVNC versions prior to 8b06f835e259652b0ff026898014fc7297ade858

Description The issue is related to improper initialization in the VNC Repeater client code, allowing an attacker to read stack memory. This can lead to information disclosure and, when combined with another vulnerability, can be used to leak the stack memory layout and bypass Address Space Layout Randomization (ASLR). The vulnerability can be exploited by a remote attacker to disclose protected information.

Recommendations For versions prior to 8b06f835e259652b0ff026898014fc7297ade858, update to a version that includes the fix for the improper initialization vulnerability in the VNC Repeater client code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Improper Initialization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-665

Identificadores relacionados

ALT-PU-2019-2585

ALT-PU-2019-2662

ALT-PU-2021-1040

BDU:2019-00700

CVE-2018-20023

DLA-1617-1

DLA-1979-1

DSA-4383-1

MGASA-2019-0037

MGASA-2020-0435

OPENSUSE-SU-2019:0053-1

OPENSUSE-SU-2019_0045-1

OPENSUSE-SU-2019_0053-1

OPENSUSE-SU-2024:10598-1

SUSE-SU-2019:0060-1

SUSE-SU-2019:0060-2

SUSE-SU-2019:0080-1

USN-3877-1

USN-4547-1

USN-4587-1

Produtos afetados

Alt Linux

Libvnc

Suse

Ubuntu

PT-2018-2461 · Libvnc+3 · Libvnc+3

CVE-2018-20023

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 188