CVE-2018-20021
https://notcve.org/view.php?id=CVE-2018-20021
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. The vulnerability allows an attacker to consume an excessive amount of resources such as CPU and RAM.
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
https://security.gentoo.org/glsa/201908-05
https://security.gentoo.org/glsa/202006-06
https://usn.ubuntu.com
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-20023
https://notcve.org/view.php?id=CVE-2018-20023
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak the stack memory layout and bypass ASLR.
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://security.gentoo.org/glsa/201908-05
https://usn.ubuntu.com/3877-1
https://usn.ubuntu.com/4547-1
https://usn.ubuntu.com/4587-1
https://www.debian.org/security/2019/dsa-4383
CWE-665: Improper Initialization
CVE-2018-20024
https://notcve.org/view.php?id=CVE-2018-20024
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains a null pointer dereference in VNC client code that can result in DoS.
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html
https://security.gentoo.org/glsa/201908-05
https://security.gentoo.org/glsa/202006-06
https://usn.ubuntu.com/3877-1
https://usn.ubuntu.com/4547-1
https://us
CWE-476: NULL Pointer Dereference
CVE-2018-7225 – libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c
https://notcve.org/view.php?id=CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
http://www.openwall.com/lists/oss-security/2018/02/18/1
http://www.securityfocus.com/bid/103107
https://access.redhat.com/errata/RHSA-2018:1055
https://github.com/LibVNC/libvncserver/issues/218
https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
https://se
CWE-190: Integer Overflow or Wraparound
CWE-805: Buffer Access with Incorrect Length Value
CVE-2016-9942
https://notcve.org/view.php?id=CVE-2016-9942
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
http://www.debian.org/security/2017/dsa-3753
http://www.securityfocus.com/bid/95170
https://github.com/LibVNC/libvncserver/pull/137
https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://security.gentoo.org/glsa/201702-24
https://usn.ubuntu.com/4587-1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer