CVE-2018-20748

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-20748
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20748.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-20748
Downstream
Related
Published
2019-01-30T18:29:00Z
Modified
2025-09-19T09:43:26.480198Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

References

Affected packages

Git / github.com/libvnc/libvncserver

Affected ranges

Type
GIT
Repo
https://github.com/libvnc/libvncserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a64c3b37af9a6c8f8009d7516874b8d266b42bae
Fixed
c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
Fixed
c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
Fixed
e34bcbb759ca5bef85809967a268fdf214c1ad2c

Affected versions

LibVNCServer-0.*

LibVNCServer-0.9.10
LibVNCServer-0.9.11
LibVNCServer-0.9.8
LibVNCServer-0.9.9

Other

X11VNC_0_9_10
X11VNC_0_9_11
X11VNC_0_9_12
X11VNC_0_9_7
X11VNC_0_9_8
X11VNC_0_9_9
X11VNC_REL_0_9_4
X11VNC_REL_0_9_5
X11VNC_REL_0_9_6

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "12073792519026169399055785631219693532",
                "length": 15576.0
            },
            "signature_type": "Function",
            "source": "https://github.com/libvnc/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a",
            "target": {
                "file": "libvncclient/rfbproto.c",
                "function": "HandleRFBServerMessage"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-08854b13"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "270509393327960365748685557792116831529",
                    "339080614919184849562659400147945780071",
                    "64130665682880843821983036439133378936"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/libvnc/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a",
            "target": {
                "file": "libvncclient/rfbproto.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-0b22567d"
        },
        {
            "digest": {
                "function_hash": "10960388733564271478810429185117381064",
                "length": 5908.0
            },
            "signature_type": "Function",
            "source": "https://github.com/libvnc/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7",
            "target": {
                "file": "libvncclient/rfbproto.c",
                "function": "InitialiseRFBConnection"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-176ae729"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "84254960534042679304898155536848478938",
                    "229182929739848597540272855473505075433",
                    "115731688294628139041249038760087468019",
                    "156742973387989093744999065882890282457",
                    "18986867539264785500836444447235716003",
                    "327672349231850461330309473341739004649",
                    "261231394109844298851280895027001000244",
                    "229168025549519204340232600263267761807",
                    "275728552090777867912254788668352838754",
                    "151824325577326328618624340157490703907",
                    "9348145879045515320510991002503792313",
                    "148911456807679930241696454170955397488",
                    "112199142315684300816713298166637093662",
                    "187705582706621887419278322729715856347",
                    "263731156095950383603620943064324895933",
                    "297806058703144532571028024813191253497",
                    "51769818584508438110519051427363784447",
                    "113083062255153038556578360505666650981",
                    "325505835386720914190865311049142576472",
                    "62999022195970164746107415712837845449",
                    "112789040044497643031359286117832382587",
                    "308154534991506749896500995657121119093",
                    "200506341704626692209286585776910429216",
                    "101998477725413349209740746363961562237",
                    "32033155045609333690931372275612489014",
                    "179927953864933067046227322835480299827",
                    "17477881472269248878805326582813571863",
                    "180523357266728249606342258885786632422",
                    "149213466137440147855395994301553634432",
                    "126458165601713626752401871524499364634",
                    "70885801530116225762531409400628429665",
                    "102241635113009843242978653705094788505",
                    "9359558918966510524030243105310737953",
                    "14098776365981166191690015329525542095"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/libvnc/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c",
            "target": {
                "file": "libvncclient/rfbproto.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-29b68c4a"
        },
        {
            "digest": {
                "function_hash": "19136878182694543325154733579835355724",
                "length": 354.0
            },
            "signature_type": "Function",
            "source": "https://github.com/libvnc/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c",
            "target": {
                "file": "libvncclient/rfbproto.c",
                "function": "ReadReason"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-7763fe38"
        },
        {
            "digest": {
                "function_hash": "81516632951978516956560941625738253426",
                "length": 923.0
            },
            "signature_type": "Function",
            "source": "https://github.com/libvnc/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c",
            "target": {
                "file": "libvncclient/rfbproto.c",
                "function": "rfbHandleAuthResult"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-b101720b"
        },
        {
            "digest": {
                "function_hash": "239437395293931296180168060981629595350",
                "length": 15751.0
            },
            "signature_type": "Function",
            "source": "https://github.com/libvnc/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae",
            "target": {
                "file": "libvncclient/rfbproto.c",
                "function": "HandleRFBServerMessage"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-d032e6dd"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "108087407148696150833288407683186954685",
                    "226737037679807783954352500040664192893",
                    "93437074213428856082594084905517306605",
                    "5769886536685312212134599478874627330"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/libvnc/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7",
            "target": {
                "file": "libvncclient/rfbproto.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-f74c34b7"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "45502871852806093800306850285498141930",
                    "5594731090021410434929000863804359344",
                    "165171928812884150623479213230779765620",
                    "117547703167341518813102877771863707798"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/libvnc/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae",
            "target": {
                "file": "libvncclient/rfbproto.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2018-20748-fc9c3b95"
        }
    ]
}