CVE-2018-6307
published 2018-12-19CVE-2018-6307: LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can…
PriorityP359high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EPSS
26.54%
97.8th percentile
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libvncserver | < libvncserver 0.9.11+dfsg-1.2 (bookworm) | libvncserver 0.9.11+dfsg-1.2 (bookworm) |
| libvnc_project | libvncserver | < 0.9.12 | 0.9.12 |
| libvncserver_project | libvncserver | >= 0 < 0.9.11+dfsg-1.2 | 0.9.11+dfsg-1.2 |
| libvncserver_project | libvncserver | >= 0 < 0.9.11+dfsg-1.2 | 0.9.11+dfsg-1.2 |
| libvncserver_project | libvncserver | >= 0 < 0.9.11+dfsg-1.2 | 0.9.11+dfsg-1.2 |
| libvncserver_project | libvncserver | >= 0 < 0.9.11+dfsg-1.2 | 0.9.11+dfsg-1.2 |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.1HIGH
vendor_debian8.1HIGH
vendor_redhat8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-862p-2jpg-8gg4: LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension tha
ghsa_unreviewed·2022-05-13
CVE-2018-6307 [HIGH] CWE-416 GHSA-862p-2jpg-8gg4: LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension tha
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
OSV
CVE-2018-6307: LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension tha
osv·2018-12-19·CVSS 8.1
CVE-2018-6307 [HIGH] CVE-2018-6307: LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension tha
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
Ubuntu
LibVNCServer vulnerabilities
vendor_ubuntu·2019-01-31
CVE-2018-15126 LibVNCServer vulnerabilities
Title: LibVNCServer vulnerabilities
Summary: Several security issues were fixed in LibVNCServer.
It was discovered that LibVNCServer incorrectly handled certain operations.
A remote attacker able to connect to applications using LibVNCServer could
possibly use this issue to obtain sensitive information, cause a denial of
service, or execute arbitrary code.
Instructions: After a standard system update you need to restart LibVNCServer
applications to make all the necessary changes.
Red Hat
libvncserver: Use-after-free in file transfer extension server code allows for potential code execution
vendor_redhat·2018-12-19·CVSS 8.1
CVE-2018-6307 [HIGH] CWE-416 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution
libvncserver: Use-after-free in file transfer extension server code allows for potential code execution
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
Statement: This issue did not affect the versions of libvncserver as shipped with Red Hat Enterprise Linux 6 and 7, as they did not include support for tightvnc file transfer.
Package: libvncserver (Red Hat Enterprise Linux 6) - Not affected
Package: libvncserver (Red Hat Enterprise Linux 7) - Not affected
Package: libvncserver (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-6307: libvncserver - LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-...
vendor_debian·2018·CVSS 8.1
CVE-2018-6307 [HIGH] CVE-2018-6307: libvncserver - LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-...
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
Scope: local
bookworm: resolved (fixed in 0.9.11+dfsg-1.2)
bullseye: resolved (fixed in 0.9.11+dfsg-1.2)
forky: resolved (fixed in 0.9.11+dfsg-1.2)
sid: resolved (fixed in 0.9.11+dfsg-1.2)
trixie: resolved (fixed in 0.9.11+dfsg-1.2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution
bugzilla·2018-12-20·CVSS 8.1
CVE-2018-6307 [HIGH] CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution
CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
External Reference:
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/
Upstream Patch:
https://github.com/LibVNC/libvncserver/commit/ca2a5ac02fbbadd0a21fabba779c1ea69173d10b
Discussion:
Created libvncserver tracking bugs for this issue:
Affects: epel-7 [bug 1661138]
Affects: fedora-all [bug 1661137]
---
Upstream Issue:
https://github.com/LibVNC/libvncserver/issues/241
---
Reference:
https://seclists.org/oss-sec/201
Bugzilla
CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution [epel-7]
bugzilla·2018-12-20·CVSS 8.1
CVE-2018-6307 [HIGH] CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution [epel-7]
CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discus
Bugzilla
CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution [fedora-all]
bugzilla·2018-12-20·CVSS 8.1
CVE-2018-6307 [HIGH] CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution [fedora-all]
CVE-2018-6307 libvncserver: Use-after-free in file transfer extension server code allows for potential code execution [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/https://lists.debian.org/debian-lts-announce/2018/12/msg00017.htmlhttps://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlhttps://usn.ubuntu.com/3877-1/https://www.debian.org/security/2019/dsa-4383https://github.com/LibVNC/libvncserver/issues/241https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/https://lists.debian.org/debian-lts-announce/2018/12/msg00017.htmlhttps://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlhttps://usn.ubuntu.com/3877-1/https://www.debian.org/security/2019/dsa-4383
2018-12-19
Published