VDB
CVE-2018-20023
CVE-2018-20023
PUBLISHED
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
EPSS 0.86% · 75.4th percentile
Risk Scores
EPSS Score
0.86%
75.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | italc | 0, 1:2.0.2+dfsg1-3, * |
| Ubuntu:18.04:LTS | libvncserver | 0.9.11+dfsg-1, *, 0 |
| Ubuntu:14.04:LTS | libvncserver | 0, 0.9.9+dfsg-1, 0.9.9+dfsg-1ubuntu1 |
| Ubuntu:18.04:LTS | italc | *, 0, 1:3.0.3+dfsg1-1 |
| Ubuntu:16.04:LTS | libvncserver | 0, 0.9.10+dfsg-3build1, 0.9.10+dfsg-3ubuntu0.16.04.1 |
Timeline
- Dec 19, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-20023 third-party-advisory
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/ third-party-advisory
- https://ubuntu.com/security/notices/USN-3877-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4547-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-20023 third-party-advisory
- https://ubuntu.com/security/notices/USN-4587-1 vendor-advisory