LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
References
Link | Resource |
---|---|
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/ | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | |
https://usn.ubuntu.com/3877-1/ | Third Party Advisory |
https://www.debian.org/security/2019/dsa-4383 | Third Party Advisory |
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/ | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | |
https://usn.ubuntu.com/3877-1/ | Third Party Advisory |
https://www.debian.org/security/2019/dsa-4383 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 03:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/ - Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html - | |
References | () https://usn.ubuntu.com/3877-1/ - Third Party Advisory | |
References | () https://www.debian.org/security/2019/dsa-4383 - Third Party Advisory |
Information
Published : 2018-12-19 16:29
Updated : 2024-11-21 03:50
NVD link : CVE-2018-15126
Mitre link : CVE-2018-15126
CVE.ORG link : CVE-2018-15126
JSON object : View
Products Affected
libvnc_project
- libvncserver
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-416
Use After Free