CVE-2018-20021

Impact:
Low
Public Date:
2018-12-19
CWE:
CWE-400
Bugzilla:
1661120: CVE-2018-20021 libvncserver: Infinite loop in VNC client code allows for denial of service

The MITRE CVE dictionary describes this issue as:

LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM

Find out more about CVE-2018-20021 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 libvncserver Not affected
Red Hat Enterprise Linux 6 libvncserver Not affected

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation