PT-2018-2461 · Libvnc+3 · Libvnc+3

Pavel Cheremushkin

Published

2018-09-11

Updated

2021-01-15

CVE-2018-20023

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions LibVNC versions prior to 8b06f835e259652b0ff026898014fc7297ade858

Description The issue is related to improper initialization in the VNC Repeater client code, allowing an attacker to read stack memory. This can lead to information disclosure and, when combined with another vulnerability, can be used to leak the stack memory layout and bypass Address Space Layout Randomization (ASLR). The vulnerability can be exploited by a remote attacker to disclose protected information.

Recommendations For versions prior to 8b06f835e259652b0ff026898014fc7297ade858, update to a version that includes the fix for the improper initialization vulnerability in the VNC Repeater client code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-665

Related Identifiers

ALT-PU-2019-2585

ALT-PU-2019-2662

ALT-PU-2021-1040

BDU:2019-00700

CVE-2018-20023

DLA-1617-1

DLA-1979-1

DSA-4383-1

MGASA-2019-0037

MGASA-2020-0435

OPENSUSE-SU-2019:0053-1

OPENSUSE-SU-2019_0045-1

OPENSUSE-SU-2019_0053-1

OPENSUSE-SU-2024:10598-1

SUSE-SU-2019:0060-1

SUSE-SU-2019:0060-2

SUSE-SU-2019:0080-1

USN-3877-1

USN-4547-1

USN-4587-1

Affected Products

Alt Linux

Libvnc

Suse

Ubuntu

PT-2018-2461 · Libvnc+3 · Libvnc+3

CVE-2018-20023

Weakness Enumeration

Related Identifiers

Affected Products

References · 188