安全公告/【CVE-2018-20022】

基本信息

漏洞名称:
受影响操作系统:桌面操作系统
危险等级:高危
影响源码包:ssvnc
CVSS评分:7.5
发现日期:2021-12-19
修复版本:1.0.29-4+deb10u1

漏洞描述

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR

修复方式

sudo apt update && sudo apt dist-upgrade

漏洞判定

执行命令apt policy PackageName获取软件包版本号,版本小于修复版本,则受此漏洞影响,版本大于等于修复版本,则此漏洞已修复

补丁

参考

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
https://nvd.nist.gov/vuln/detail/CVE-2018-20022