Bug 701818 (CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024) - [TRACKER] Multiple VNC vulnerabilities (CVE-2018-{20020,20021,20022,20024})
Status: CONFIRMED
Alias: CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords: Tracker
Depends on: 701820 CVE-2018-20019, CVE-2018-20023
Blocks:
Reported: 2019-12-02 22:32 UTC by Thomas Deutschmann
Modified: 2019-12-02 22:35 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Thomas Deutschmann gentoo-dev Security 2019-12-02 22:32:44 UTC
CVE-2018-20020

    LibVNC contained a heap out-of-bound write vulnerability inside a
    structure in VNC client code that can result in remote code execution.

CVE-2018-20021

    LibVNC contained a CWE-835: Infinite loop vulnerability in VNC client
    code. The vulnerability allows an attacker to consume an excessive
    amount of resources like CPU and RAM.

CVE-2018-20022

    LibVNC contained multiple CWE-665: Improper Initialization weaknesses
    in VNC client code that allowed attackers to read stack memory and
    could be abused for information disclosure. Combined with another
    vulnerability, it could be used to leak stack memory layout and to
    bypass ASLR.

CVE-2018-20024

    LibVNC contained a null pointer dereference in VNC client code that
    could result in DoS.