An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2018/02/18/1 | Exploit Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/103107 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2018:1055 | Third Party Advisory |
https://github.com/LibVNC/libvncserver/issues/218 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | |
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html | |
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | |
https://security.gentoo.org/glsa/201908-05 | |
https://usn.ubuntu.com/3618-1/ | Third Party Advisory |
https://usn.ubuntu.com/4547-1/ | |
https://usn.ubuntu.com/4573-1/ | |
https://usn.ubuntu.com/4587-1/ | |
https://www.debian.org/security/2018/dsa-4221 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2018-02-19 15:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-7225
Mitre link : CVE-2018-7225
CVE.ORG link : CVE-2018-7225
JSON object : View
Products Affected
debian
- debian_linux
libvncserver_project
- libvncserver
redhat
- enterprise_linux_server_tus
- enterprise_linux_server_aus
- enterprise_linux_workstation
- enterprise_linux_server_eus
- enterprise_linux_server
- enterprise_linux_desktop
canonical
- ubuntu_linux
CWE
CWE-190
Integer Overflow or Wraparound