Home

CVE-2018-20021

Description

LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.552

Associated Vulnerability

VulnerabilityOS Platform
vnc server library (USN-3171-1) libvncclient1_0.9.10+dfsg-3ubuntu0.16.04.3_i386.debLinux
vnc server library (USN-3171-1) libvncclient1_0.9.10+dfsg-3ubuntu0.16.04.3_amd64.debLinux
vnc server library (USN-3618-1) libvncserver0_0.9.9+dfsg-1ubuntu1.4_i386.debLinux
vnc server library (USN-3618-1) libvncserver0_0.9.9+dfsg-1ubuntu1.4_amd64.debLinux
vnc server library (USN-3618-1) libvncserver1_0.9.10+dfsg-3ubuntu0.16.04.3_i386.debLinux
vnc server library (USN-3618-1) libvncserver1_0.9.10+dfsg-3ubuntu0.16.04.3_amd64.debLinux
vnc server library (USN-3877-1) libvncclient1_0.9.11+dfsg-1ubuntu1.1_i386.debLinux
vnc server library (USN-3877-1) libvncclient1_0.9.11+dfsg-1ubuntu1.1_amd64.debLinux
vnc server library (USN-3877-1) libvncclient1_0.9.11+dfsg-1.1ubuntu0.1_i386.debLinux
vnc server library (USN-3877-1) libvncclient1_0.9.11+dfsg-1.1ubuntu0.1_amd64.debLinux
vnc server library (USN-3877-1) libvncclient1_0.9.10+dfsg-3ubuntu0.16.04.3_i386.debLinux
vnc server library (USN-3877-1) libvncclient1_0.9.10+dfsg-3ubuntu0.16.04.3_amd64.debLinux
vnc server library (USN-3877-1) libvncserver0_0.9.9+dfsg-1ubuntu1.4_i386.debLinux
vnc server library (USN-3877-1) libvncserver0_0.9.9+dfsg-1ubuntu1.4_amd64.debLinux
vnc server library (USN-3877-1) libvncserver1_0.9.11+dfsg-1ubuntu1.1_i386.debLinux
vnc server library (USN-3877-1) libvncserver1_0.9.11+dfsg-1ubuntu1.1_amd64.debLinux
vnc server library (USN-3877-1) libvncserver1_0.9.11+dfsg-1.1ubuntu0.1_i386.debLinux
vnc server library (USN-3877-1) libvncserver1_0.9.11+dfsg-1.1ubuntu0.1_amd64.debLinux
vnc server library (USN-3877-1) libvncserver1_0.9.10+dfsg-3ubuntu0.16.04.3_i386.debLinux
vnc server library (USN-3877-1) libvncserver1_0.9.10+dfsg-3ubuntu0.16.04.3_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) italc-client_3.0.3+dfsg1-3ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) italc-client_3.0.3+dfsg1-3ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) italc-master_3.0.3+dfsg1-3ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) italc-master_3.0.3+dfsg1-3ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) libitalccore_3.0.3+dfsg1-3ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) libitalccore_3.0.3+dfsg1-3ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-client_2.0.2+dfsg1-4ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-client_2.0.2+dfsg1-4ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-master_2.0.2+dfsg1-4ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-master_2.0.2+dfsg1-4ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) libitalccore_2.0.2+dfsg1-4ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) libitalccore_2.0.2+dfsg1-4ubuntu0.1_amd64.debLinux
Enhanced TightVNC viewer with SSL/SSH tunnel helper (USN-4547-2) ssvnc_1.0.29-2+deb8u1build0.16.04.1_i386.debLinux
Enhanced TightVNC viewer with SSL/SSH tunnel helper (USN-4547-2) ssvnc_1.0.29-2+deb8u1build0.16.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234