CVE-2018-15127

Published: 19 December 2018

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution

Notes

Author	Note
mdeslaur	initial commit was incomplete, see comment on original bug New CVE numbers for complete fix are CVE-2018-20749 and CVE-2018-20750

Priority

Cvss 3 Severity Score

9.8

Score breakdown

Status

Package	Release	Status
libvncserver Launchpad, Ubuntu, Debian	upstream	Released (0.9.11+dfsg-1.2)
	trusty	Released (0.9.9+dfsg-1ubuntu1.4)
	xenial	Released (0.9.10+dfsg-3ubuntu0.16.04.3)
	bionic	Released (0.9.11+dfsg-1ubuntu1.1)
	cosmic	Released (0.9.11+dfsg-1.1ubuntu0.1)
	disco	Not vulnerable (0.9.11+dfsg-1.2)
	focal	Not vulnerable (0.9.11+dfsg-1.2)
	Patches: upstream: https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de
x11vnc Launchpad, Ubuntu, Debian	trusty	Not vulnerable (uses shared libvnc)
	bionic	Not vulnerable (uses shared libvnc)
	cosmic	Ignored (end of life)
	disco	Not vulnerable (uses shared libvnc)
	focal	Not vulnerable (uses shared libvnc)
	upstream	Needs triage
	xenial	Not vulnerable (uses shared libvnc)
italc Launchpad, Ubuntu, Debian	bionic	Released (1:3.0.3+dfsg1-3ubuntu0.1)
	focal	Does not exist
	trusty	Does not exist (trusty was needed)
	upstream	Released (1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1)
	xenial	Released (1:2.0.2+dfsg1-4ubuntu0.1)

Severity score breakdown

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›