VDB
DEBIAN-CVE-2018-20022
DEBIAN-CVE-2018-20022
PUBLISHED
CVSS 7.5 HIGH
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
Risk Scores
CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | veyon | 0, 0, 0 |
| Debian:12 | tightvnc | 0, 0, 0 |
| Debian:13 | veyon | 0, 0, 0 |
| Debian:12 | ssvnc | 0, 0, 0 |
| Debian:13 | ssvnc | 0, 0, 0 |
| Debian:11 | ssvnc | 0, 0, 0 |
| Debian:14 | tightvnc | 0, 0, 0 |
| Debian:12 | veyon | 0, 0, 0 |
| Debian:13 | tightvnc | 0, 0, 0 |
| Debian:13 | libvncserver | 0, 0, 0 |
| Debian:14 | ssvnc | 0, 0, 0 |
| Debian:11 | veyon | 0, 0, 0 |
| Debian:11 | libvncserver | 0, 0, 0 |
| Debian:14 | libvncserver | 0, 0, 0 |
| Debian:12 | libvncserver | 0, 0, 0 |
| Debian:11 | tightvnc | 0, 0, 0 |
Timeline
- Dec 19, 2018 CVE Published
- Apr 28, 2026 CVE Updated