Lucene search

Veracode Vulnerability DatabaseVERACODE:13287

HistoryJan 31, 2019 - 1:29 a.m.

Remote Code Execution (RCE)

2019-01-3101:29:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

75.9%

JSON

LibVNCserver.so is vulnerable to remote code execution. A heap out-of-bounds write vulnerability in libvncserver/rfbserver.c allows for a remote attacker to execute arbitrary code on the system.

CPENameOperatorVersion
libvncserver.soeq0.0.0
libvncserver.soeq0.0.0

CPE	Name	Operator	Version
	libvncserver.so	eq	0.0.0
	libvncserver.so	eq	0.0.0

References

www.securityfocus.com/bid/106825

cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707

github.com/LibVNC/libvncserver/issues/273

lists.debian.org/debian-lts-announce/2019/01/msg00029.html

lists.debian.org/debian-lts-announce/2019/10/msg00042.html

usn.ubuntu.com/3877-1/

usn.ubuntu.com/4547-1/

usn.ubuntu.com/4587-1/

www.openwall.com/lists/oss-security/2018/12/10/8

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for VERACODE:13287