Heap Out-of-Bound Vulnerabilities in LibVNC Client Code by LibVNC
CVE-2018-20019

9.8CRITICAL

Key Information:

Vendor

Libvnc Project

Status
Libvnc
Vendor
CVE Published:
19 December 2018

What is CVE-2018-20019?

LibVNC contains multiple heap out-of-bound write vulnerabilities in its VNC client code that could allow an attacker to execute arbitrary code remotely. These vulnerabilities could be exploited by crafting a specific input that triggers the out-of-bounds write, ultimately compromising the security of the affected application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LibVNC commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f

References

https://www.debian.org/security/2019/dsa-4383
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/12/msg0...
mailing-listx_refsource_MLIST
https://ics-cert.kaspersky.com/advisories/klcert-advisori...
x_refsource_MISC

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.