CVE Vulnerabilities

CVE-2018-20024

NULL Pointer Dereference

Published: Dec 19, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
6.5 LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Libvncserver Libvnc_project * 0.9.12 (excluding)
Italc Ubuntu bionic *
Italc Ubuntu trusty *
Italc Ubuntu upstream *
Italc Ubuntu xenial *
Libvncserver Ubuntu bionic *
Libvncserver Ubuntu cosmic *
Libvncserver Ubuntu trusty *
Libvncserver Ubuntu upstream *
Libvncserver Ubuntu xenial *
Ssvnc Ubuntu bionic *
Ssvnc Ubuntu esm-apps/bionic *
Ssvnc Ubuntu trusty *
Ssvnc Ubuntu upstream *
Ssvnc Ubuntu xenial *
X11vnc Ubuntu cosmic *
X11vnc Ubuntu trusty *

Potential Mitigations

References