Remote Code Execution (RCE)

2019-01-1110:08:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.024 Low

EPSS

Percentile

89.9%

JSON

libvncserver.so is vulnerable to remote code execution. The vulnerability is possible because of a heap use-after-free flaw in the server code of the file transfer extension.

CPENameOperatorVersion
libvncserver.soeq0.0.0

CPE	Name	Operator	Version
	libvncserver.so	eq	0.0.0

References

bugzilla.suse.com/show_bug.cgi?id=1120114

ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/

lists.debian.org/debian-lts-announce/2019/01/msg00029.html

lists.debian.org/debian-lts-announce/2019/10/msg00042.html

usn.ubuntu.com/3877-1/

www.debian.org/security/2019/dsa-4383

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for VERACODE:8140