{"containers": {"cna": {"affected": [{"product": "LibVNC", "vendor": "n/a", "versions": [{"status": "affected", "version": "commit 73cb96fec028a576a5a24417b57723b55854ad7b"}]}], "datePublic": "2018-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution"}], "problemTypes": [{"descriptions": [{"description": "Heap Use-After-Free", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-31T00:06:44", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"name": "[debian-lts-announce] 20190131 [SECURITY] [DLA 1652-1] libvncserver security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"}, {"name": "DSA-4383", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4383"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/"}, {"name": "USN-3877-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3877-1/"}, {"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "ID": "CVE-2018-15126", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibVNC", "version": {"version_data": [{"version_value": "commit 73cb96fec028a576a5a24417b57723b55854ad7b"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap Use-After-Free"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20190131 [SECURITY] [DLA 1652-1] libvncserver security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"}, {"name": "DSA-4383", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4383"}, {"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/"}, {"name": "USN-3877-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3877-1/"}, {"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:46:25.371Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20190131 [SECURITY] [DLA 1652-1] libvncserver security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"}, {"name": "DSA-4383", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4383"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/"}, {"name": "USN-3877-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3877-1/"}, {"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}]}]}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2018-15126", "datePublished": "2018-12-19T16:00:00", "dateReserved": "2018-08-06T00:00:00", "dateUpdated": "2024-08-05T09:46:25.371Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEF1BF44-78B8-44E3-9A5A-29AB8111322B", "versionEndExcluding": "0.9.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution"}, {"lang": "es", "value": "LibVNC antes del commit con ID 73cb96fec028a576a5a24417b57723b55854ad7b contiene una vulnerabilidad de uso de memoria din\u00e1mica (heap) previamente liberada en el c\u00f3digo del servidor de la extensi\u00f3n de transferencia de archivos que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2018-15126", "lastModified": "2024-11-21T03:50:21.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-19T16:29:00.247", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/"}, {"source": "vulnerability@kaspersky.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"}, {"source": "vulnerability@kaspersky.com", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}, {"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3877-1/"}, {"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3877-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4383"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libvncserver: Use-after-free in file transfer extension allows for potential code execution", "id": "1661110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661110"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution"], "name": "CVE-2018-15126", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libvncserver", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libvncserver", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libvncserver", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-12-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-15126\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15126\nhttps://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/"], "statement": "This issue did not affect the versions of libvncserver as shipped with Red Hat Enterprise Linux 6 and 7, as they did not include support for tightvnc file transfer.", "threat_severity": "Important"}