CVE-2019-20788 – libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function
https://notcve.org/view.php?id=CVE-2019-20788
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. En la biblioteca libvncclient/cursor.c en LibVNCServer versiones hasta 0.9.12, tiene un desbordamiento de enteros en la función HandleCursorShape y un desbordamiento de búfer en la región heap de la memoria por medio de un valor de alto o ancho grande. A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient https://usn.ubuntu.com/4407-1 https://access.redhat.com/security/cve/CVE-2019-20788 https://bugzilla.redhat.com/show_bug.cgi?id=1829870 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2010-5304
https://notcve.org/view.php?id=CVE-2010-5304
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. Se encontró un fallo de desreferencia del puntero NULL en la manera en que LibVNCServer versiones anteriores a 0.9.9 manejaba determinado mensaje de ClientCutText. Un atacante remoto podría utilizar este fallo para bloquear el servidor VNC mediante el envío de un mensaje ClientCutText especialmente diseñado desde un cliente VNC. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139814.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140219.html http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html http://seclists.org/oss-sec/2014/q3/639 http://www.openwall.com/lists/oss-security/2014/09/23/6 • CWE-476: NULL Pointer Dereference •
CVE-2019-15681
https://notcve.org/view.php?id=CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. LibVNC en el commit anterior a d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, contiene una pérdida de memoria (CWE-655) en el código del servidor VNC, lo que permite a un atacante leer la memoria de la pila y puede ser abusada para la divulgación de información. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https:/ • CWE-665: Improper Initialization •
CVE-2018-20748
https://notcve.org/view.php?id=CVE-2018-20748
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. LibVNC, en versiones anteriores a la 0.9.12, contiene múltiples vulnerabilidades de escritura fuera de límites en la memoria dinámica (heap) en libvncclient/rfbproto.c. La solución para CVE-2018-20019 era incompleta. • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7 https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c https://github.com/LibVNC/libvncserver/issues/273 https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html https://lists.debian.org/ • CWE-787: Out-of-bounds Write •
CVE-2018-20749
https://notcve.org/view.php?id=CVE-2018-20749
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC, en versiones anteriores a la 0.9.12, contiene una vulnerabilidad de escritura fuera de límites en la memoria dinámica (heap) en libvncserver/rfbserver.c. La solución para CVE-2018-15127 era incompleta. • http://www.securityfocus.com/bid/106825 https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707 https://github.com/LibVNC/libvncserver/issues/273 https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://usn.ubuntu.com/3877-1 https://usn.ubuntu.com/4547-1 https://usn.ubuntu.com/4587-1 https://www.openwall. • CWE-787: Out-of-bounds Write •