Fluid Attacks Database

Description

LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	veyon	>=0 <4.1.4+repack1-1	4.1.4+repack1-1
debian 13	libvncserver	>=0 <0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
debian 14	libvncserver	>=0 <0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
debian 11	libvncserver	>=0 <0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
debian 12	libvncserver	>=0 <0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
debian 11	ssvnc	>=0 <1.0.29-5	1.0.29-5
debian 12	ssvnc	>=0 <1.0.29-5	1.0.29-5
debian 13	ssvnc	>=0 <1.0.29-5	1.0.29-5
debian 11	tightvnc	>=0 <1:1.3.9-9.1	1:1.3.9-9.1
debian 12	tightvnc	>=0 <1:1.3.9-9.1	1:1.3.9-9.1

1-10 of 17

Aliases

1. CVE-2018-200212. NVD-2018-200213. OSV-DEBIAN-2018-200214. OSV-2018-200215. SECURITY-TRACKER-CVE-2018-20021

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.