PT-2018-3545 · Libvncserver+6
Pavel Cheremushkin · Published 2018-09-11 · Updated 2022-03-10
CVE-2018-21247
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
LibVNCServer versions prior to 0.9.13
Description:
The issue is related to the implementation of the ConnectToRFBRepeater function in the LibVNCServer library, which lacks protection of service data. This can lead to an information leak of uninitialized memory contents. Exploitation of this issue may allow a remote attacker to cause a denial of service.
Recommendations:
For versions prior to 0.9.13, update to version 0.9.13 or later to resolve the issue.
As a temporary workaround, consider disabling the ConnectToRFBRepeater function until a patch is available.
Fix
Information Disclosure
Affected Products
Alt Linux
Almalinux
Centos
Libvncserver
Red Hat
Rocky Linux
Suse