{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T16:34:50.548","vulnerabilities":[{"cve":{"id":"CVE-2018-20020","sourceIdentifier":"vulnerability@kaspersky.com","published":"2018-12-19T16:29:00.373","lastModified":"2024-11-21T04:00:46.163","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution"},{"lang":"es","value":"LibVNC antes del commit con ID 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contiene una vulnerabilidad de escritura de memoria dinámica (heap) fuera de límites en la estructura del código del cliente VNC que puede resultar en la ejecución remota de código."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.12","matchCriteriaId":"DEF1BF44-78B8-44E3-9A5A-29AB8111322B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/","source":"vulnerability@kaspersky.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html","source":"vulnerability@kaspersky.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html","source":"vulnerability@kaspersky.com"},{"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html","source":"vulnerability@kaspersky.com"},{"url":"https://security.gentoo.org/glsa/201908-05","source":"vulnerability@kaspersky.com"},{"url":"https://security.gentoo.org/glsa/202006-06","source":"vulnerability@kaspersky.com"},{"url":"https://usn.ubuntu.com/3877-1/","source":"vulnerability@kaspersky.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4547-1/","source":"vulnerability@kaspersky.com"},{"url":"https://usn.ubuntu.com/4547-2/","source":"vulnerability@kaspersky.com"},{"url":"https://usn.ubuntu.com/4587-1/","source":"vulnerability@kaspersky.com"},{"url":"https://www.debian.org/security/2019/dsa-4383","source":"vulnerability@kaspersky.com","tags":["Third Party Advisory"]},{"url":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201908-05","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202006-06","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3877-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4547-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/4547-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/4587-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2019/dsa-4383","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}