Your submission was sent successfully! Close

CVE-2018-21247

Published: 17 June 2020

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libvncserver
Launchpad, Ubuntu, Debian
bionic Needs triage

eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Not vulnerable
(0.9.13+dfsg-1)
hirsute Not vulnerable
(0.9.13+dfsg-1)
impish Not vulnerable
(0.9.13+dfsg-1)
jammy Not vulnerable
(0.9.13+dfsg-1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage

Patches:
upstream: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
veyon
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

vino
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable

x11vnc
Launchpad, Ubuntu, Debian
bionic Needs triage

eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

precise Does not exist

trusty Needs triage

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)