CVE-2018-20022

Published: 19 December 2018

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR

Priority

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package	Release	Status
italc Launchpad, Ubuntu, Debian	bionic	Released (1:3.0.3+dfsg1-3ubuntu0.1)
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist (trusty was needed)
	upstream	Released (1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1)
	xenial	Released (1:2.0.2+dfsg1-4ubuntu0.1)
libvncserver Launchpad, Ubuntu, Debian	bionic	Released (0.9.11+dfsg-1ubuntu1.1)
	cosmic	Released (0.9.11+dfsg-1.1ubuntu0.1)
	disco	Not vulnerable (0.9.11+dfsg-1.2)
	focal	Not vulnerable (0.9.11+dfsg-1.2)
	groovy	Not vulnerable (0.9.11+dfsg-1.2)
	hirsute	Not vulnerable (0.9.11+dfsg-1.2)
	impish	Not vulnerable (0.9.11+dfsg-1.2)
	jammy	Not vulnerable (0.9.11+dfsg-1.2)
	kinetic	Not vulnerable (0.9.11+dfsg-1.2)
	lunar	Not vulnerable (0.9.11+dfsg-1.2)
	mantic	Not vulnerable (0.9.11+dfsg-1.2)
	trusty	Released (0.9.9+dfsg-1ubuntu1.4)
	upstream	Released (0.9.11+dfsg-1.2)
	xenial	Released (0.9.10+dfsg-3ubuntu0.16.04.3)
	Patches: upstream: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
ssvnc Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Not vulnerable (1.0.29-5)
	groovy	Not vulnerable (1.0.29-5)
	hirsute	Not vulnerable (1.0.29-5)
	impish	Not vulnerable (1.0.29-5)
	jammy	Not vulnerable (1.0.29-5)
	kinetic	Not vulnerable (1.0.29-5)
	lunar	Not vulnerable (1.0.29-5)
	mantic	Not vulnerable (1.0.29-5)
	trusty	Does not exist (trusty was needed)
	upstream	Released (1.0.29-2+deb8u1, 1.0.29-3+deb9u1, 1.0.29-4+deb10u1, 1.0.29-5)
	xenial	Released (1.9.29-2+deb8u1build0.16.04.1)
tightvnc Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Released (1.3.9-6.5+deb8u1build0.14.04.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Released (1:1.3.9-6.5+deb8u1)
	xenial	Needs triage
x11vnc Launchpad, Ubuntu, Debian	bionic	Not vulnerable (uses shared libvnc)
	cosmic	Ignored (end of life)
	disco	Not vulnerable (uses shared libvnc)
	focal	Not vulnerable (uses shared libvnc)
	groovy	Not vulnerable (uses shared libvnc)
	hirsute	Not vulnerable (uses shared libvnc)
	impish	Not vulnerable (uses shared libvnc)
	jammy	Not vulnerable (uses shared libvnc)
	kinetic	Not vulnerable (uses shared libvnc)
	lunar	Not vulnerable (uses shared libvnc)
	mantic	Not vulnerable (uses shared libvnc)
	trusty	Not vulnerable (uses shared libvnc)
	upstream	Needs triage
	xenial	Not vulnerable (uses shared libvnc)

Severity score breakdown

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›