CVE-2018-21247

Опубликовано: 17 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html
Mailing List
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
Patch
Third Party Advisory
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13
Patch
Third Party Advisory
https://github.com/LibVNC/libvncserver/issues/253
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html
Mailing List
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
Patch
Third Party Advisory
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13
Patch
Third Party Advisory
https://github.com/LibVNC/libvncserver/issues/253
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*

Версия до 0.9.12 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*