CVE-2018-20023 — Improper Initialization in Project Libvncserver
Severity
7.5HIGHNVD
EPSS
0.9%
top 25.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 19
Latest updateMay 13
Description
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10
🔴Vulnerability Details
4GHSA▶
GHSA-h752-h62f-w8j9: LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows↗2022-05-13
CVEList▶
CVE-2018-20023: LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows↗2018-12-19
OSV▶
CVE-2018-20023: LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows↗2018-12-19
📋Vendor Advisories
5💬Community
3Bugzilla▶
CVE-2018-20023 libvncserver: Improper initialization in VNC Repeater client code allows for information disclosure [epel-7]↗2018-12-20
Bugzilla▶
CVE-2018-20023 libvncserver: Improper initialization in VNC Repeater client code allows for information disclosure [fedora-all]↗2018-12-20
Bugzilla▶
CVE-2018-20023 libvncserver: Improper initialization in VNC Repeater client code allows for information disclosure↗2018-12-20