LibVNC before commit 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple CWE-665 (Improper Initialization) weaknesses in the VNC client code that allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, they can be used to leak the stack memory layout and bypass ASLR.
https://www.debian.org/security/2019/dsa-4383
https://security.gentoo.org/glsa/201908-05
https://security.gentoo.org/glsa/202006-06
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
https://usn.ubuntu.com/3877-1/
https://usn.ubuntu.com/4547-1/
https://usn.ubuntu.com/4547-2/
https://usn.ubuntu.com/4587-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
Vulnerability: CVE-2018-20022
