Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 701818 (CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024)

Summary: [TRACKER] Multiple VNC vulnerabilities (CVE-2018-{20020,20021,20022,20024})
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal Keywords: Tracker
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---
Bug Depends on: 673508, 701820    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-02 22:32:44 UTC

    LibVNC contained heap out-of-bound write vulnerability inside
    structure in VNC client code that can result remote code execution


    LibVNC contained a CWE-835: Infinite loop vulnerability in VNC client
    code. Vulnerability allows attacker to consume excessive amount of
    resources like CPU and RAM


    LibVNC contained multiple weaknesses CWE-665: Improper Initialization
    vulnerability in VNC client code that allowed attackers to read stack
    memory and could be abused for information disclosure. Combined with
    another vulnerability, it could be used to leak stack memory layout
    and in bypassing ASLR.


    LibVNC contained null pointer dereference in VNC client code that
    could result DoS.