Alpine: multiple libvncserver packages: security update to 0.9.12-r0 (deprecated)

high Tenable Cloud Security Plugin ID 400482

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC
server code, which allow an attacker to read stack memory and can be abused for information disclosure.
Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack
appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. (CVE-2019-15681)

See Also

https://git.alpinelinux.org/aports/commit/?id=0b572578bebcf302d72e52216fdfff53165f6e2d

https://git.alpinelinux.org/aports/commit/?id=7ffb9c86bb3d9779b75b0813bcecfce0e5b7eabe

Plugin Details

Severity: High

ID: 400482

Version: Revision 1.24

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-15681

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 11/3/2019

Vulnerability Publication Date: 10/29/2019

Reference Information

CVE: CVE-2019-15681

IAVA: 2020-A-0381