LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
References
Link | Resource |
---|---|
https://github.com/LibVNC/libvncserver/issues/241 | Third Party Advisory |
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/ | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | |
https://usn.ubuntu.com/3877-1/ | Third Party Advisory |
https://www.debian.org/security/2019/dsa-4383 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Kaspersky
Published: 2018-12-19T16:00:00
Updated: 2019-10-31T00:06:57
Reserved: 2018-01-25T00:00:00
Link: CVE-2018-6307
JSON object: View
NVD Information
Status : Modified
Published: 2018-12-19T16:29:00.593
Modified: 2019-10-31T01:15:15.157
Link: CVE-2018-6307
JSON object: View
Redhat Information
No data.
CWE