Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 701818 (CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024) - [TRACKER] Multiple VNC vulnerabilities (CVE-2018-{20020,20021,20022,20024})
Summary: [TRACKER] Multiple VNC vulnerabilities (CVE-2018-{20020,20021,20022,20024})
Alias: CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Keywords: Tracker
Depends on: 701820 CVE-2018-20019, CVE-2018-20023
  Show dependency tree
Reported: 2019-12-02 22:32 UTC by Thomas Deutschmann
Modified: 2019-12-02 22:35 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2019-12-02 22:32:44 UTC

    LibVNC contained heap out-of-bound write vulnerability inside
    structure in VNC client code that can result remote code execution


    LibVNC contained a CWE-835: Infinite loop vulnerability in VNC client
    code. Vulnerability allows attacker to consume excessive amount of
    resources like CPU and RAM


    LibVNC contained multiple weaknesses CWE-665: Improper Initialization
    vulnerability in VNC client code that allowed attackers to read stack
    memory and could be abused for information disclosure. Combined with
    another vulnerability, it could be used to leak stack memory layout
    and in bypassing ASLR.


    LibVNC contained null pointer dereference in VNC client code that
    could result DoS.