Improper Initialization Vulnerability in LibVNC by LibVNCServer
CVE-2018-20023

7.5HIGH

Key Information:

Vendor
Libvnc Project
Status
Libvnc
Vendor
CVE Published:
19 December 2018

Summary

LibVNC prior to the specified commit introduces an improper initialization vulnerability in the VNC Repeater client code. This flaw can potentially allow an attacker to read stack memory, leading to information disclosure risks. If exploited in combination with other vulnerabilities, it may enable attackers to leak stack memory layouts and bypass Address Space Layout Randomization (ASLR), further increasing the potential for exploitation.

Affected Version(s)

LibVNC commit 8b06f835e259652b0ff026898014fc7297ade858

References

https://ics-cert.kaspersky.com/advisories/klcert-advisori...
x_refsource_MISC
https://www.debian.org/security/2019/dsa-4383
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/12/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.