Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 701818 (CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024)

Summary: [TRACKER] Multiple VNC vulnerabilities (CVE-2018-{20020,20021,20022,20024})
Product: Gentoo Security Reporter: Thomas Deutschmann <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal Keywords: Tracker
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 673508, 701820    
Bug Blocks:    

Description Thomas Deutschmann gentoo-dev Security 2019-12-02 22:32:44 UTC
CVE-2018-20020

    LibVNC contained heap out-of-bound write vulnerability inside
    structure in VNC client code that can result remote code execution

CVE-2018-20021

    LibVNC contained a CWE-835: Infinite loop vulnerability in VNC client
    code. Vulnerability allows attacker to consume excessive amount of
    resources like CPU and RAM

CVE-2018-20022

    LibVNC contained multiple weaknesses CWE-665: Improper Initialization
    vulnerability in VNC client code that allowed attackers to read stack
    memory and could be abused for information disclosure. Combined with
    another vulnerability, it could be used to leak stack memory layout
    and in bypassing ASLR.

CVE-2018-20024

    LibVNC contained null pointer dereference in VNC client code that
    could result DoS.