An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html | Mailing List Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf | Patch Third Party Advisory |
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 | Patch Third Party Advisory |
https://github.com/LibVNC/libvncserver/issues/253 | Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/ | |
History
07 Nov 2023, 02:56
Type | Values Removed | Values Added |
---|---|---|
References | | |
10 Mar 2022, 15:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:libvncserver_project:libvncserver:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:* |
First Time | | Siemens simatic Itc2200 Siemens simatic Itc2200 Pro Firmware Siemens Canonical ubuntu Linux Siemens simatic Itc1900 Firmware Siemens simatic Itc1900 Pro Firmware Siemens simatic Itc1500 Firmware Canonical Siemens simatic Itc1500 Libvnc Project Libvnc Project libvncserver Siemens simatic Itc1500 Pro Debian debian Linux Siemens simatic Itc1900 Pro Siemens simatic Itc1900 Siemens simatic Itc1500 Pro Firmware Siemens simatic Itc2200 Firmware Siemens simatic Itc2200 Pro Debian |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf - Patch, Third Party Advisory | |
CWE | CWE-909 |
14 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-06-17 16:15
Updated : 2023-12-10 13:27
NVD link : CVE-2018-21247
Mitre link : CVE-2018-21247
CVE.ORG link : CVE-2018-21247
Products Affected
siemens
- simatic_itc1900
- simatic_itc2200_pro
- simatic_itc1900_pro
- simatic_itc1500_firmware
- simatic_itc1900_firmware
- simatic_itc1500
- simatic_itc1500_pro_firmware
- simatic_itc2200
- simatic_itc2200_pro_firmware
- simatic_itc1500_pro
- simatic_itc1900_pro_firmware
- simatic_itc2200_firmware
canonical
- ubuntu_linux
debian
- debian_linux
opensuse
- leap
libvnc_project
- libvncserver
CWE
CWE-909
Missing Initialization of Resource