CVE-2018-15127

Impact: Important
Public Date: 2018-12-19
CWE: CWE-122
Bugzilla: 1661102: CVE-2018-15127 libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution

The MITRE CVE dictionary describes this issue as:

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bounds write vulnerability in the server code of the file transfer extension that can result in remote code execution.

Find out more about CVE-2018-15127 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 7.5
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity Impact: High
Availability Impact: High

Red Hat Security Errata

Platform                                    Errata          Release Date
Red Hat Enterprise Linux 7 (libvncserver)   RHSA-2019:0059  2019-01-15

Affected Packages State

Platform                     Package        State
Red Hat Enterprise Linux 8   libvncserver   Not affected
Red Hat Enterprise Linux 6   libvncserver   Will not fix

CVE description copyright © 2017, The MITRE Corporation