CVE Vulnerabilities

CVE-2018-20021

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Dec 19, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
6.5 LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Libvncserver Libvnc_project * 0.9.12 (excluding)
Italc Ubuntu bionic *
Italc Ubuntu trusty *
Italc Ubuntu upstream *
Italc Ubuntu xenial *
Libvncserver Ubuntu bionic *
Libvncserver Ubuntu cosmic *
Libvncserver Ubuntu trusty *
Libvncserver Ubuntu upstream *
Libvncserver Ubuntu xenial *
Ssvnc Ubuntu bionic *
Ssvnc Ubuntu esm-apps/bionic *
Ssvnc Ubuntu trusty *
Ssvnc Ubuntu upstream *
Ssvnc Ubuntu xenial *
Tightvnc Ubuntu bionic *
Tightvnc Ubuntu groovy *
Tightvnc Ubuntu hirsute *
Tightvnc Ubuntu impish *
Tightvnc Ubuntu kinetic *
Tightvnc Ubuntu lunar *
Tightvnc Ubuntu mantic *
Tightvnc Ubuntu trusty *
Tightvnc Ubuntu trusty/esm *
Tightvnc Ubuntu upstream *
Tightvnc Ubuntu xenial *
X11vnc Ubuntu cosmic *
X11vnc Ubuntu trusty *

References