CVE-2018-20749

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Link	Resource
https://www.openwall.com/lists/oss-security/2018/12/10/8	Exploit Mailing List
https://github.com/LibVNC/libvncserver/issues/273	Issue Tracking Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707	Patch Third Party Advisory
https://usn.ubuntu.com/3877-1/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html	Third Party Advisory
http://www.securityfocus.com/bid/106825	Broken Link
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4547-1/	Third Party Advisory
https://usn.ubuntu.com/4587-1/	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch Third Party Advisory

Configuration 1

cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

---

Published : 2019-01-30 06:29

Updated : 2022-03-09 09:54

---

NVD link : CVE-2018-20749

Mitre link : CVE-2018-20749

Siemens

Simatic Itc2200 Pro Firmware

CWE-787