It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
01 Apr 2022, 18:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf - Patch, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html - Mailing List, Third Party Advisory |
14 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-06-30 11:15
Updated : 2024-02-04 21:00
NVD link : CVE-2017-18922
Mitre link : CVE-2017-18922
CVE.ORG link : CVE-2017-18922
JSON object : View
Products Affected
siemens
- simatic_itc1500
- simatic_itc1900_firmware
- simatic_itc2200_pro
- simatic_itc1900_pro
- simatic_itc1500_pro_firmware
- simatic_itc2200_firmware
- simatic_itc1900_pro_firmware
- simatic_itc1500_firmware
- simatic_itc1500_pro
- simatic_itc2200_pro_firmware
- simatic_itc2200
- simatic_itc1900
libvncserver_project
- libvncserver
canonical
- ubuntu_linux
opensuse
- leap
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write