CVE-2018-20748

Summary

CVE	CVE-2018-20748
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-01-30 18:29:00 UTC
Updated	2022-03-09 21:54:00 UTC
Description	LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.10	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.10	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Application	Libvnc Project	Libvncserver	All	All	All	All
Application	Libvnc Project	Libvncserver	All	All	All	All
Hardware	Siemens	Simatic Itc1500	-	All	All	All
Operating System	Siemens	Simatic Itc1500 Firmware	All	All	All	All
Hardware	Siemens	Simatic Itc1500 Pro	-	All	All	All
Operating System	Siemens	Simatic Itc1500 Pro Firmware	All	All	All	All
Hardware	Siemens	Simatic Itc1900	-	All	All	All
Operating System	Siemens	Simatic Itc1900 Firmware	All	All	All	All
Hardware	Siemens	Simatic Itc1900 Pro	-	All	All	All
Operating System	Siemens	Simatic Itc1900 Pro Firmware	All	All	All	All
Hardware	Siemens	Simatic Itc2200	-	All	All	All
Operating System	Siemens	Simatic Itc2200 Firmware	All	All	All	All
Hardware	Siemens	Simatic Itc2200 Pro	-	All	All	All
Operating System	Siemens	Simatic Itc2200 Pro Firmware	All	All	All	All

References

Reference	Source	Link	Tags
USN-3877-1: LibVNCServer vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com	Third Party Advisory
LibVNCClient: remove now-useless cast · LibVNC/libvncserver@a64c3b3 · GitHub	MISC	github.com	Patch, Third Party Advisory
USN-4547-1: iTALC vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
oss-security - Re: libvnc and tightvnc vulnerabilities	MISC	www.openwall.com	Exploit, Mailing List, Third Party Advisory
LibVNCClient: ignore server-sent reason strings longer than 1MB · LibVNC/libvncserver@e34bcbb · GitHub	MISC	github.com	Patch, Third Party Advisory
SECURITY: malloc((uint64_t)length + 1) is unsafe, especially on 32-bit systems · Issue #273 · LibVNC/libvncserver · GitHub	MISC	github.com	Issue Tracking, Third Party Advisory
[SECURITY] [DLA 1979-1] italc security update	MLIST	lists.debian.org
[SECURITY] [DLA 1652-1] libvncserver security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
USN-4587-1: iTALC vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
LibVNCClient: fail on server-sent desktop name lengths longer than 1MB · LibVNC/libvncserver@c2c4b81 · GitHub	MISC	github.com	Patch, Third Party Advisory
cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	CONFIRM	cert-portal.siemens.com
LibVNCClient: ignore server-sent cut text longer than 1MB · LibVNC/libvncserver@c5ba3fe · GitHub	MISC	github.com	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590668 Siemens SIMATIC ITC Multiple Vulnerabilities (ICSA-21-350-12)