LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bounds write vulnerabilities in VNC client code that can result in remote code execution.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf | Patch Third Party Advisory |
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/ | Broken Link |
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/201908-05 | Third Party Advisory |
https://usn.ubuntu.com/3877-1/ | Third Party Advisory |
https://usn.ubuntu.com/4547-1/ | Third Party Advisory |
https://usn.ubuntu.com/4587-1/ | Third Party Advisory |
https://www.debian.org/security/2019/dsa-4383 | Third Party Advisory |
History
31 Mar 2022, 19:48
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/ - Broken Link | |
References | (GENTOO) https://security.gentoo.org/glsa/201908-05 - Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf - Patch, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4587-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4547-1/ - Third Party Advisory | |
First Time | Siemens simatic Itc2200, Siemens simatic Itc2200 Pro Firmware, Siemens, Siemens simatic Itc1900 Pro, Siemens simatic Itc1500, Siemens simatic Itc1900, Siemens simatic Itc1900 Firmware, Siemens simatic Itc1900 Pro Firmware, Siemens simatic Itc1500 Pro Firmware, Siemens simatic Itc2200 Firmware, Siemens simatic Itc1500 Firmware, Siemens simatic Itc2200 Pro, Siemens simatic Itc1500 Pro | |
CPE | cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:* |
14 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2018-12-19 16:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-20019
Mitre link : CVE-2018-20019
CVE.ORG link : CVE-2018-20019
Products Affected
siemens
- simatic_itc1900
- simatic_itc2200_pro
- simatic_itc1900_pro
- simatic_itc1500_firmware
- simatic_itc1900_firmware
- simatic_itc1500
- simatic_itc1500_pro_firmware
- simatic_itc2200
- simatic_itc2200_pro_firmware
- simatic_itc1500_pro
- simatic_itc1900_pro_firmware
- simatic_itc2200_firmware
canonical
- ubuntu_linux
debian
- debian_linux
libvnc_project
- libvncserver
CWE
CWE-787
Out-of-bounds Write