CVE-2018-20020
Description
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains a heap out-of-bounds write vulnerability inside a structure in the VNC client code that can result in remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap out-of-bounds write in LibVNC client code before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d allows remote code execution via crafted VNC server responses.
Vulnerability
The vulnerability is a heap out-of-bounds write in the LibVNC client code, present in LibVNC libraries before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d (which corresponds to version 0.9.12) [1]. The flaw resides in a structure handling VNC client-server communication, triggered when processing specially crafted data from a malicious VNC server.
Exploitation
An attacker must control a VNC server that the victim's VNC client connects to. User interaction is required in the form of initiating the connection (e.g., opening the VNC viewer) [1]. No authentication is needed. The attacker sends malicious data that triggers the out-of-bounds write in the client's heap memory.
Impact
Successful exploitation can lead to remote code execution in the context of the VNC client application [1]. This could allow the attacker to compromise the client system, potentially gaining full control.
Mitigation
The fix was included in LibVNC commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d and the 0.9.12 release [1]. Users should upgrade to LibVNCServer 0.9.12 or later [3]. For Gentoo Linux, the package net-libs/libvncserver should be updated to >=0.9.12 [3]. The ssvnc package, which also uses LibVNC, is discontinued and should be unmerged [2]. No workaround is known.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (25)
- Range: LibVNCServer-0.9.10, LibVNCServer-0.9.11, LibVNCServer-0.9.8, …
References (11)
- security.gentoo.org/glsa/201908-05 (mitre, vendor-advisory, x_refsource_GENTOO)
- security.gentoo.org/glsa/202006-06 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3877-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/4547-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/4547-2/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/4587-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2019/dsa-4383 (mitre, vendor-advisory, x_refsource_DEBIAN)
- ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/ (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2018/12/msg00017.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2019/10/msg00042.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2019/11/msg00033.html (mitre, mailing-list, x_refsource_MLIST)