Heap Out-of-Bound Write Vulnerability in LibVNC Client Code by LibVNC
CVE-2018-20020

9.8CRITICAL

Key Information:

Vendor: Libvnc Project
Status: Libvnc
Vendor: CVE Published:; 19 December 2018

Summary

LibVNC prior to a specific commit contains a vulnerability that allows for a heap out-of-bound write in the VNC client code. This flaw can lead to potential remote code execution, enabling an attacker to execute arbitrary code on the affected system. Users are urged to upgrade to a patched version to safeguard their applications.

Affected Version(s)

LibVNC commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d

References

https://www.debian.org/security/2019/dsa-4383

vendor-advisoryx_refsource_DEBIAN

https://lists.debian.org/debian-lts-announce/2018/12/msg0...

mailing-listx_refsource_MLIST

https://usn.ubuntu.com/3877-1/

vendor-advisoryx_refsource_UBUNTU

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2018
Vulnerability Reserved
Dec 10, 2018

.