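LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c (CVE-2018-20748). The fix for CVE-2018-20019 was incomplete. The entries below are function-level and line-level signatures for libvncclient/rfbproto.c, each referencing the libvncserver commit in its "source" field.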
[
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a",
"signature_type": "Function",
"digest": {
"function_hash": "12073792519026169399055785631219693532",
"length": 15576.0
},
"target": {
"function": "HandleRFBServerMessage",
"file": "libvncclient/rfbproto.c"
},
"id": "CVE-2018-20748-08854b13"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"270509393327960365748685557792116831529",
"339080614919184849562659400147945780071",
"64130665682880843821983036439133378936"
]
},
"target": {
"file": "libvncclient/rfbproto.c"
},
"id": "CVE-2018-20748-0b22567d"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7",
"signature_type": "Function",
"digest": {
"function_hash": "10960388733564271478810429185117381064",
"length": 5908.0
},
"target": {
"function": "InitialiseRFBConnection",
"file": "libvncclient/rfbproto.c"
},
"id": "CVE-2018-20748-176ae729"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"84254960534042679304898155536848478938",
"229182929739848597540272855473505075433",
"115731688294628139041249038760087468019",
"156742973387989093744999065882890282457",
"18986867539264785500836444447235716003",
"327672349231850461330309473341739004649",
"261231394109844298851280895027001000244",
"229168025549519204340232600263267761807",
"275728552090777867912254788668352838754",
"151824325577326328618624340157490703907",
"9348145879045515320510991002503792313",
"148911456807679930241696454170955397488",
"112199142315684300816713298166637093662",
"187705582706621887419278322729715856347",
"263731156095950383603620943064324895933",
"297806058703144532571028024813191253497",
"51769818584508438110519051427363784447",
"113083062255153038556578360505666650981",
"325505835386720914190865311049142576472",
"62999022195970164746107415712837845449",
"112789040044497643031359286117832382587",
"308154534991506749896500995657121119093",
"200506341704626692209286585776910429216",
"101998477725413349209740746363961562237",
"32033155045609333690931372275612489014",
"179927953864933067046227322835480299827",
"17477881472269248878805326582813571863",
"180523357266728249606342258885786632422",
"149213466137440147855395994301553634432",
"126458165601713626752401871524499364634",
"70885801530116225762531409400628429665",
"102241635113009843242978653705094788505",
"9359558918966510524030243105310737953",
"14098776365981166191690015329525542095"
]
},
"target": {
"file": "libvncclient/rfbproto.c"
},
"id": "CVE-2018-20748-29b68c4a"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c",
"signature_type": "Function",
"digest": {
"function_hash": "19136878182694543325154733579835355724",
"length": 354.0
},
"target": {
"function": "ReadReason",
"file": "libvncclient/rfbproto.c"
},
"id": "CVE-2018-20748-7763fe38"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c",
"signature_type": "Function",
"digest": {
"function_hash": "81516632951978516956560941625738253426",
"length": 923.0
},
"target": {
"function": "rfbHandleAuthResult",
"file": "libvncclient/rfbproto.c"
},
"id": "CVE-2018-20748-b101720b"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"108087407148696150833288407683186954685",
"226737037679807783954352500040664192893",
"93437074213428856082594084905517306605",
"5769886536685312212134599478874627330"
]
},
"target": {
"file": "libvncclient/rfbproto.c"
},
"id": "CVE-2018-20748-f74c34b7"
}
]