CVE-2018-20749
Description
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap out-of-bounds write in LibVNC's rfbserver.c due to incomplete fix for CVE-2018-15127, potentially leading to code execution.
Vulnerability
The vulnerability resides in libvncserver/rfbserver.c within the file transfer functionality. An incomplete fix for CVE-2018-15127 left a heap out-of-bounds write condition when processing specially crafted file transfer requests. All versions prior to 0.9.12 are affected [3][4].
Exploitation
An attacker with network access to a VNC server using LibVNC can send a malicious file transfer request with a crafted length value that bypasses the incomplete check. No authentication is required if the server allows unauthenticated connections. The attacker triggers the out-of-bounds write by causing a heap allocation and subsequent write that overflows the allocated buffer [3].
Impact
Successful exploitation could lead to remote code execution with the privileges of the VNC server process, or cause a denial of service. The vulnerability allows overwriting adjacent heap memory, potentially giving the attacker control over execution flow [3][4].
Mitigation
Fixed in LibVNC version 0.9.12 (released 2018-12-10) [4]. Users should upgrade to 0.9.12 or later. For systems that cannot upgrade, disabling file transfer or restricting network access to trusted clients may reduce risk.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
23LibVNCServer-0.9.10, LibVNCServer-0.9.11, LibVNCServer-0.9.8, …+ 1 more
- (no CPE)range: LibVNCServer-0.9.10, LibVNCServer-0.9.11, LibVNCServer-0.9.8, …
- (no CPE)range: <0.9.12
- osv-coords21 versionspkg:rpm/opensuse/LibVNCServer&distro=openSUSE%20Leap%2015.0pkg:rpm/suse/LibVNCServer&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%207
< 0.9.10-lp150.3.6.1+ 20 more
- (no CPE)range: < 0.9.10-lp150.3.6.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.10-4.6.1
- (no CPE)range: < 0.9.1-160.9.1
- (no CPE)range: < 0.9.1-160.9.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.1-160.9.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.1-160.9.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.9-17.11.1
- (no CPE)range: < 0.9.10-4.6.1
- (no CPE)range: < 0.9.9-17.11.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- usn.ubuntu.com/3877-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4547-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4587-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.securityfocus.com/bid/106825mitrevdb-entryx_refsource_BID
- cert-portal.siemens.com/productcert/pdf/ssa-390195.pdfmitrex_refsource_CONFIRM
- github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707mitrex_refsource_MISC
- github.com/LibVNC/libvncserver/issues/273mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/01/msg00029.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlmitremailing-listx_refsource_MLIST
- www.openwall.com/lists/oss-security/2018/12/10/8mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.