VYPR
Unrated severity · OSV Advisory · Published Dec 19, 2018 · Updated Aug 5, 2024

CVE-2018-20023

Description

LibVNC before commit 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665 (Improper Initialization) vulnerability in the VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak the stack memory layout and bypass ASLR.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LibVNC VNC Repeater client code improperly initializes stack memory, allowing remote attackers to leak stack contents and bypass ASLR.

Vulnerability

CVE-2018-20023 is an improper initialization vulnerability (CWE-665) in the VNC Repeater client code of LibVNC (also known as LibVNCServer) before commit 8b06f835e259652b0ff026898014fc7297ade858 (version 0.9.12). The affected code path does not correctly initialize a stack buffer, leaving residual data that can be read by a remote attacker [1][2].
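
The bug class described above, shown as an added example that is not LibVNC's code: a short string is formatted into a fixed-size buffer and the whole buffer is sent, so every byte after the terminator is stale data. The function names, the 64-byte message size, the host and port, and the 0x41 fill (a deterministic model of leftover stack contents) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_LEN 64 /* constructed fixed message size, not taken from LibVNC */

/* Vulnerable pattern: only the formatted string and its NUL are written,
 * yet the caller transmits all MSG_LEN bytes of the buffer. */
static size_t build_unsafe(char *buf, const char *host, int port)
{
    snprintf(buf, MSG_LEN, "%s:%d", host, port);
    return MSG_LEN;
}

/* Hardened pattern: zero the whole buffer before formatting into it. */
static size_t build_safe(char *buf, const char *host, int port)
{
    memset(buf, 0, MSG_LEN);
    snprintf(buf, MSG_LEN, "%s:%d", host, port);
    return MSG_LEN;
}

/* Count non-zero bytes after the first NUL: data the peer should never see. */
static size_t stale_bytes(const char *msg, size_t len)
{
    const char *nul = memchr(msg, 0, len);
    size_t n = 0;
    for (size_t i = nul ? (size_t)(nul - msg) : len; i < len; i++)
        if (msg[i] != 0)
            n++;
    return n;
}

/* Build one message in a buffer pre-filled with 0x41, a deterministic
 * stand-in for whatever an uninitialized stack slot would hold. */
static size_t demo(int hardened)
{
    char buf[MSG_LEN];
    memset(buf, 0x41, sizeof buf);
    size_t len = hardened ? build_safe(buf, "10.0.0.5", 5900)
                          : build_unsafe(buf, "10.0.0.5", 5900);
    return stale_bytes(buf, len);
}

int main(void)
{
    printf("unsafe:   %zu stale bytes would be sent\n", demo(0));
    printf("hardened: %zu stale bytes would be sent\n", demo(1));
    return 0;
}
```

When auditing code for this pattern, look for a fixed-size local buffer whose full `sizeof` is passed to a write or send call after only a string was formatted into it.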

Exploitation

An attacker can trigger the vulnerability by connecting to a VNC Repeater service that uses the affected LibVNC client library. No authentication is required; the attacker only needs network access to send a specially crafted VNC handshake. The improper initialization causes stack memory to be transmitted back to the attacker in the server response [1].

Impact

Successful exploitation results in information disclosure: the attacker reads stack memory contents from the server process. This can reveal sensitive data such as memory addresses, which can be used to leak the stack memory layout and bypass Address Space Layout Randomization (ASLR) when combined with another vulnerability [1]. The confidentiality impact is high; integrity and availability are not directly affected.

Mitigation

The vendor released a fix in LibVNCServer version 0.9.12 in September 2018 [1]. All users should upgrade to version 0.9.12 or later [2]. No workarounds are available for earlier versions. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

19

References

8
