LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
References
Link | Resource |
---|---|
https://www.openwall.com/lists/oss-security/2018/12/10/8 | Exploit Mailing List Third Party Advisory |
https://github.com/LibVNC/libvncserver/issues/273 | Issue Tracking Third Party Advisory |
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707 | Patch Third Party Advisory |
https://usn.ubuntu.com/3877-1/ | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html | Third Party Advisory |
http://www.securityfocus.com/bid/106825 | Broken Link |
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/4547-1/ | Third Party Advisory |
https://usn.ubuntu.com/4587-1/ | Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Information
Published : 2019-01-30 10:29
Updated : 2022-03-09 13:54
NVD link : CVE-2018-20749
Mitre link : CVE-2018-20749
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
libvnc_project
- libvncserver
siemens
- simatic_itc2200_pro
- simatic_itc1900_pro
- simatic_itc2200_pro_firmware
- simatic_itc2200
- simatic_itc1500_firmware
- simatic_itc1500
- simatic_itc1500_pro
- simatic_itc1900_firmware
- simatic_itc2200_firmware
- simatic_itc1500_pro_firmware
- simatic_itc1900
- simatic_itc1900_pro_firmware
canonical
- ubuntu_linux
debian
- debian_linux