CVE-2018-20748

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae	Patch Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7	Patch Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a	Patch Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c	Patch Third Party Advisory
https://github.com/LibVNC/libvncserver/issues/273	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/3877-1/	Third Party Advisory
https://usn.ubuntu.com/4547-1/	Third Party Advisory
https://usn.ubuntu.com/4587-1/	Third Party Advisory
https://www.openwall.com/lists/oss-security/2018/12/10/8	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*

History

09 Mar 2022, 21:54

Type	Values Removed	Values Added
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html - Mailing List, Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4587-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4587-1/ - Third Party Advisory
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf - Patch, Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4547-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4547-1/ - Third Party Advisory
First Time		Siemens simatic Itc2200 Siemens simatic Itc2200 Pro Firmware Siemens Siemens simatic Itc1900 Pro Siemens simatic Itc1500 Siemens simatic Itc1900 Siemens simatic Itc1900 Firmware Siemens simatic Itc1900 Pro Firmware Siemens simatic Itc1500 Pro Firmware Siemens simatic Itc2200 Firmware Siemens simatic Itc1500 Firmware Siemens simatic Itc2200 Pro Siemens simatic Itc1500 Pro
CPE		cpe:2.3:h:siemens:simatic_itc1500_pro:-:::::::* cpe:2.3:h:siemens:simatic_itc1900:-:::::::* cpe:2.3:h:siemens:simatic_itc1500:-:::::::* cpe:2.3:h:siemens:simatic_itc2200:-:::::::* cpe:2.3:o:siemens:simatic_itc1900_firmware:::::::: cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:::::::: cpe:2.3:h:siemens:simatic_itc1900_pro:-:::::::* cpe:2.3:h:siemens:simatic_itc2200_pro:-:::::::* cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:::::::: cpe:2.3:o:siemens:simatic_itc2200_firmware:::::::: cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:::::::: cpe:2.3:o:siemens:simatic_itc1500_firmware::::::::

14 Dec 2021, 14:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf -

Information

Published : 2019-01-30 18:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-20748

Mitre link : CVE-2018-20748

CVE.ORG link : CVE-2018-20748

JSON object : View

Products Affected

siemens

simatic_itc1500_pro_firmware
simatic_itc2200_pro_firmware
simatic_itc2200_firmware
simatic_itc1900_pro
simatic_itc1500
simatic_itc1900_firmware
simatic_itc1500_pro
simatic_itc1500_firmware
simatic_itc2200
simatic_itc1900_pro_firmware
simatic_itc1900
simatic_itc2200_pro

canonical

ubuntu_linux

libvnc_project

libvncserver

debian

debian_linux

CWE

CWE-787

Out-of-bounds Write

9.8 /10