CVE-2018-15127

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution

References

https://access.redhat.com/errata/RHSA-2019:0059

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/

https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html

https://usn.ubuntu.com/3877-1/

https://usn.ubuntu.com/4547-1/

https://usn.ubuntu.com/4587-1/

https://www.debian.org/security/2019/dsa-4383

Details

Source: MITRE

Published: 2018-12-19

Updated: 2020-10-23

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
141545Ubuntu 16.04 LTS : iTALC vulnerabilities (USN-4587-1)NessusUbuntu Local Security Checks
critical
140920Ubuntu 18.04 LTS : iTALC vulnerabilities (USN-4547-1)NessusUbuntu Local Security Checks
critical
130408Debian DLA-1979-1 : italc security updateNessusDebian Local Security Checks
critical
127237NewStart CGSL CORE 5.04 / MAIN 5.04 : libvncserver Multiple Vulnerabilities (NS-SA-2019-0052)NessusNewStart CGSL Local Security Checks
critical
122378EulerOS 2.0 SP2 : libvncserver (EulerOS-SA-2019-1051)NessusHuawei Local Security Checks
critical
122206EulerOS 2.0 SP5 : libvncserver (EulerOS-SA-2019-1033)NessusHuawei Local Security Checks
critical
122205EulerOS 2.0 SP3 : libvncserver (EulerOS-SA-2019-1032)NessusHuawei Local Security Checks
critical
122162Amazon Linux 2 : libvncserver (ALAS-2019-1161)NessusAmazon Linux Local Security Checks
critical
121561Debian DSA-4383-1 : libvncserver - security updateNessusDebian Local Security Checks
critical
121541Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : LibVNCServer vulnerabilities (USN-3877-1)NessusUbuntu Local Security Checks
critical
121282openSUSE Security Update : LibVNCServer (openSUSE-2019-53)NessusSuSE Local Security Checks
critical
121216CentOS 7 : libvncserver (CESA-2019:0059)NessusCentOS Local Security Checks
critical
121205Scientific Linux Security Update : libvncserver on SL7.x x86_64 (20190115)NessusScientific Linux Local Security Checks
critical
121203RHEL 7 : libvncserver (RHSA-2019:0059)NessusRed Hat Local Security Checks
critical
121200Oracle Linux 7 : libvncserver (ELSA-2019-0059)NessusOracle Linux Local Security Checks
critical
121160SUSE SLES11 Security Update : LibVNCServer (SUSE-SU-2019:13927-1)NessusSuSE Local Security Checks
critical
121158SUSE SLED15 / SLES15 Security Update : LibVNCServer (SUSE-SU-2019:0080-1)NessusSuSE Local Security Checks
critical
121154openSUSE Security Update : LibVNCServer (openSUSE-2019-45)NessusSuSE Local Security Checks
critical
121094SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2019:0060-1)NessusSuSE Local Security Checks
critical
119877Debian DLA-1617-1 : libvncserver security updateNessusDebian Local Security Checks
critical