Alpine: multiple libvncserver packages: security update to 0.9.12-r1

high Tenable Cloud Security Plugin ID 427008

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC
server code, which allow an attacker to read stack memory and can be abused for information disclosure.
Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack
appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. (CVE-2019-15681)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-15681

Plugin Details

Severity: High

ID: 427008

Version: Revision 1.3

Type: Local

Published: 5/16/2025

Updated: 1/27/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-15681

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/29/2019

Reference Information

CVE: CVE-2019-15681

IAVA: 2020-A-0381