DEBIAN-CVE-2018-20021

DEBIAN-CVE-2018-20021 PUBLISHED CVSS 7.5 HIGH

LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM

Risk Scores

CVSS 3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	tightvnc	0, 0, 0
Debian:12	veyon	0, 0, 0
Debian:13	tightvnc	0, 0, 0
Debian:11	tightvnc	0, 0, 0
Debian:11	libvncserver	0, 0, 0
Debian:12	ssvnc	0, 0, 0
Debian:14	libvncserver	0, 0, 0
Debian:14	veyon	0, 0, 0
Debian:12	libvncserver	0, 0, 0
Debian:13	libvncserver	0, 0, 0
Debian:11	ssvnc	0, 0, 0
Debian:13	veyon	0, 0, 0
Debian:13	ssvnc	0, 0, 0
Debian:14	ssvnc	0, 0, 0
Debian:11	veyon	0, 0, 0
Debian:14	tightvnc	0, 0, 0

Timeline

Dec 19, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-20021 advisory

Open in Interactive Console →