CVE-2018-20022
Last modified
CVE-2018-20022 is a vulnerability of currently unknown severity. LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR. EPSS estimates a 2.94% chance of exploitation in the next 30 days.
Description
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Libvnc Project | Libvncserver | < 0.9.12 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 18.04 |
| Canonical | Ubuntu Linux | 18.10 |
References
- https://lists.debian.org/debian-lts-announce/2018/12/msg00017.htmlMailing List, Third Party Advisory
- https://usn.ubuntu.com/3877-1/Third Party Advisory
- https://www.debian.org/security/2019/dsa-4383Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/12/msg00017.htmlMailing List, Third Party Advisory
- https://usn.ubuntu.com/3877-1/Third Party Advisory
- https://www.debian.org/security/2019/dsa-4383Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-20022?
How severe is CVE-2018-20022?
How do I fix CVE-2018-20022?
Are you affected by CVE-2018-20022?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST