CVE-2018-20022

HIGH

LibVNC <2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 - Info Disclosure

Title source: llm
STIX 2.1

Description

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-05
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202006-06
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4383
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3877-1/
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4547-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4547-2/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4587-1/
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html

Scores

CVSS v3 7.5
EPSS 0.0618
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-665
Status published
Products (7)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
debian/debian_linux 8.0
debian/debian_linux 9.0
libvnc_project/libvncserver < 0.9.12
Published Dec 19, 2018
Tracked Since Feb 18, 2026