PT-2018-2460 · Libvnc+3 · Libvnc+3

Pavel Cheremushkin

Published

2018-09-11

Updated

2021-01-15

CVE-2018-20022

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions LibVNC versions prior to 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838

Description The issue is related to improper initialization in the VNC client code, allowing an attacker to read stack memory. This can be abused for information disclosure. When combined with another weakness, it can leak the stack memory layout and potentially bypass Address Space Layout Randomization (ASLR). The vulnerability can be exploited by a remote attacker to disclose protected information.

Recommendations For LibVNC versions prior to 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838, update to a version that includes the fix for the improper initialization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-665

Related Identifiers

ALT-PU-2019-2585

ALT-PU-2019-2662

ALT-PU-2021-1040

BDU:2019-00699

CVE-2018-20022

DLA-1617-1

DLA-1979-1

DLA-2016-1

DLA-2045-1

DSA-4383-1

MGASA-2019-0037

MGASA-2020-0435

OPENSUSE-SU-2019:0053-1

OPENSUSE-SU-2019_0045-1

OPENSUSE-SU-2019_0053-1

OPENSUSE-SU-2024:10598-1

SUSE-SU-2019:0060-1

SUSE-SU-2019:0060-2

SUSE-SU-2019:0080-1

SUSE-SU-2019:13927-1

USN-3877-1

USN-4547-1

USN-4547-2

USN-4587-1

Affected Products

Alt Linux

Libvnc

Suse

Ubuntu

PT-2018-2460 · Libvnc+3 · Libvnc+3

CVE-2018-20022

Weakness Enumeration

Related Identifiers

Affected Products

References · 212