CVE-2018-20019: LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution

Affected

24 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	libvncserver	< libvncserver 0.9.11+dfsg-1.2 (bookworm)	libvncserver 0.9.11+dfsg-1.2 (bookworm)
debian	libvncserver	< libvncserver 0.9.11+dfsg-1.3 (bookworm)	libvncserver 0.9.11+dfsg-1.3 (bookworm)
debian	veyon	< libvncserver 0.9.11+dfsg-1.3 (bookworm)	libvncserver 0.9.11+dfsg-1.3 (bookworm)
libvnc_project	libvncserver	< 0.9.12	0.9.12
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.3	0.9.11+dfsg-1.3
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.3	0.9.11+dfsg-1.3
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.3	0.9.11+dfsg-1.3
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.3	0.9.11+dfsg-1.3
siemens	simatic_itc1500_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc1500_pro_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc1900_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc1900_pro_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc2200_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc2200_pro_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL