| Summary: | [TRACKER] Multiple VNC vulnerabilities (CVE-2018-{20020,20021,20022,20024}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | Keywords: | Tracker |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 673508, 701820 | ||
| Bug Blocks: | |||
CVE-2018-20020 LibVNC contained heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution CVE-2018-20021 LibVNC contained a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM CVE-2018-20022 LibVNC contained multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allowed attackers to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memory layout and in bypassing ASLR. CVE-2018-20024 LibVNC contained null pointer dereference in VNC client code that could result DoS.